Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter.
An attacker sends a crafted HTTP request containing a malicious SQL payload in the delete parameter, which is passed directly to the database query without proper validation or parameterization. The lack of input data sanitization allows injection of arbitrary SQL instructions that will be executed by the database engine. The attack does not require authentication, user interaction, or special privileges, and the network vector allows it to be carried out remotely.
An attacker can gain unauthorized access to sensitive data stored in the database, modify or delete data, and in favorable configurations potentially take control of the database server. The vulnerability threatens the confidentiality, integrity, and availability of the system.
Patches available from the vendor should be applied in accordance with the references. As mitigating measures, it is recommended to implement parameterized SQL queries (prepared statements), validation and sanitization of input data on the server side, and restrict access to the application at the firewall level to trusted sources.
Code-Projects Budget Management version 1.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCode Projects Budget Management
APPCode-Projects1.0
Related vulnerabilities
A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vuln...
Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter.
Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień
Arbitrary file upload umożliwiający RCE w Student Enrollment In PHP
SQL Injection w Code-Projects Scholars Tracking System 1.0