Billing Software v1.0 - Multiple SQLi

Description

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

Vulnerabilities

CVE-2023-49622

The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:

CVE-2023-49624

The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:

CVE-2023-49625

The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:

CVE-2023-49633

The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:

CVE-2023-49639

The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:

<?php
include('config.php');
$customer_details = $_POST['customer_details'];
...
$rowc2 = mysqli_query($con, "SELECT * FROM  `party_details` where sl_no='$customer_details'");

CVE-2023-49641

The 'username' parameter of the loginCheck.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:

<?php
session_start();
include('config.php');
$username = $_POST['username'];
$password = $_POST['password'];

$sql = mysqli_query($con, "SELECT * FROM ho_role WHERE user_name = '$username' AND password = '$password'");

CVE-2023-49658

The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:

CVE-2023-49665

The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:

$quantity = $_POST['quantity'];
...
for($i = 0; $i<count($mat_des); $i++) {
    $sql1 = mysqli_query($con,

CVE-2023-49666

The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:

Our security policy

We have reserved the IDs CVE-2023-49622, CVE-2023-49624, CVE-2023-49625, CVE-2023-49633, CVE-2023-49639, CVE-2023-49641, CVE-2023-49658, CVE-2023-49665 and CVE-2023-49666 to refer to these issues from now on.

Disclosure policy

System Information

• Version: Billing Software v1.0

• Operating System: Any

Mitigation

There is currently no patch available for this vulnerability.

References

• Vendor page https://www.kashipara.com/