2 matches found
CVE-2024-25210
Simple Expense Tracker v1.0 is affected by a SQL injection in the expense parameter of /endpoint/delete_expense.php. CVSS v3.1 base score 9.8 (CRITICAL) with network attack vector, no authentication, no user interaction. The root cause is injectable SQL via the expense parameter, affecting confid...
CVE-2024-25211
CVE-2024-25211 affects Simple Expense Tracker v1.0 and is a SQL injection vulnerability via the category parameter in /endpoint/delete_category.php. The issue is rated CVSSv3.1 9.8 (CRITICAL) with network attack vector, no user interaction, and total impact on confidentiality, integrity, and avai...