vendor:
Water Billing System
by:
Mehmet Kelepçe / Gais Cyber Security
N/A
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Water Billing System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Apache2 and Windows 10
2020
Water Billing System 1.0 – ‘id’ SQL Injection (Authenticated)
The 'id' parameter in the 'edituser.php' and 'viewbill.php' pages of the Water Billing System 1.0 is vulnerable to SQL Injection. An attacker can manipulate the 'id' parameter to execute arbitrary SQL queries.
Mitigation:
To mitigate this vulnerability, input validation and parameterized queries should be implemented to ensure that user-supplied input is properly sanitized and does not interfere with the structure of the SQL query.