### Key Information

1. **Vulnerability ID**:
   - VDB-276780
   - CVE-2024-8560
2. **Vulnerability Name**:
   - SourceCodester Simple Invoice Generator System 1.0 /save_invoice.php SQL Injection
3. **CVSS Meta Temp Score**:
   - 6.0
4. **Current Exploit Price**:
   - $0-$5k
5. **CTI Interest Score**:
   - 1.37
6. **Vulnerability Description**:
   - A critical vulnerability has been identified in the /save_invoice.php file of SourceCodester Simple Invoice Generator System 1.0.
   - The vulnerability affects an unknown function, where manipulation with an unknown input can lead to SQL injection.
   - CWE classifies this issue as CWE-89.
   - The product constructs SQL commands using external, untrusted input, but fails to neutralize, or incorrectly neutralizes, special elements that could alter the SQL command when it is sent to downstream components.
   - This impacts confidentiality, integrity, and availability.
7. **Exploitability**:
   - The vulnerability has been publicly disclosed and may be exploited.
   - It is marked as CWE-89.
   - Exploitation is considered easy.
   - Attacks can be launched remotely.
   - Technical details and public exploits are known.
   - MITRE ATT&CK labels the attack technique as T1505.
8. **Exploit Status**:
   - The vulnerability is marked as PoC (Proof-of-Concept).
   - Targets vulnerable to this flaw can be identified via Google Hacking by searching for `inurl:save_invoice.php`.
9. **Recommended Actions**:
   - No known remediation is available.
   - It is recommended to replace the affected component.
10. **Similar Vulnerabilities**:
    - A similar vulnerability is identified by VDB-247343.