VYPR
Vendor

Kashipara Group

Products
1
CVEs
15
Across products
15
Status
Private

Products

1

Recent CVEs

15
  • CVE-2023-49666CriJan 4, 2024
    risk 0.64cvss 9.8epss 0.01

    Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-49665CriJan 4, 2024
    risk 0.64cvss 9.8epss 0.01

    Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-49658CriJan 4, 2024
    risk 0.64cvss 9.8epss 0.01

    Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-49639CriJan 4, 2024
    risk 0.64cvss 9.8epss 0.01

    Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-49633CriJan 4, 2024
    risk 0.64cvss 9.8epss 0.01

    Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-49625CriJan 4, 2024
    risk 0.64cvss 9.8epss 0.01

    Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-49624CriJan 4, 2024
    risk 0.64cvss 9.8epss 0.01

    Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-49622CriJan 4, 2024
    risk 0.64cvss 9.8epss 0.01

    Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2024-0496MedJan 13, 2024
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack…

  • CVE-2024-0495MedJan 13, 2024
    risk 0.41cvss 6.3epss 0.01

    A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. This vulnerability affects unknown code of the file party_submit.php of the component HTTP POST Request Handler. The manipulation of the argument party_name leads to sql injection. The…

  • CVE-2024-0494MedJan 13, 2024
    risk 0.41cvss 6.3epss 0.01

    A vulnerability, which was classified as critical, was found in Kashipara Billing Software 1.0. This affects an unknown part of the file material_bill.php of the component HTTP POST Request Handler. The manipulation of the argument itemtypeid leads to sql injection. It is…

  • CVE-2024-0493MedJan 13, 2024
    risk 0.41cvss 6.3epss 0.01

    A vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Affected by this issue is some unknown functionality of the file submit_delivery_list.php of the component HTTP POST Request Handler. The manipulation of the argument…

  • CVE-2024-0492MedJan 13, 2024
    risk 0.41cvss 6.3epss 0.01

    A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Affected by this vulnerability is an unknown functionality of the file buyer_detail_submit.php of the component HTTP POST Request Handler. The manipulation of the argument gstn_no leads to sql…

  • CVE-2026-6624LowApr 20, 2026
    risk 0.16cvss 2.4epss 0.00

    A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\_route=pool/add of the component Pool List Interface. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote.…

  • CVE-2026-6622LowApr 20, 2026
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\_route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The…

VYPR — Vulnerability Intelligence