16Oca
CVE-2024-22628 | Budget and Expense Tracker System 1.0 date_end sql injection
A vulnerability was found in Budget and Expense Tracker System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /expense_budget/admin/?page=reports/budget&date_start=2023-12-28. The manipulation of the argument date_end leads to sql injection. This vulnerability was named CVE-2024-22628. The attack needs to be done within the local network. There is no exploit available.