bigprof-software / online-invoicing-system Goto Github PK

Few potential security vulnerability has been disclosed to huntr .
Plz validate report submitted against your repo by going huntr https://huntr.dev/

how do i change the date format to US date format? on the invoices and reports sections- it is set to EU date format
i need it to be in m/d/yyyy

i tried changing it in admin panel on the mysql and php format - but no luck.

Hi team,

While reviewing the source code for this application, I've noticed there is the possibility of injecting user controlled SQL statements which would allow for complete compromise of the application.

Note: The proof of concept is demonstrated in the Actual Exploitation section.

{Edit by repo author: details temporarily redacted till the issue is fixed within a few days}

Lastly I just wanted to say thank you so much for releasing such awesome open source applications. I've had a lot of fun testing this application as the code is very well written and the application itself serves a realistic purpose.

Please let me know if you have any questions regarding this issue.

Best regards,
- mqt

Are you planning on adding a quote section to this?

description removed temporarily

The unit price is not updating automatically from the first unit price

How to change currency number US Dollars to IDR Rupiah ?

Very nice project, I just jumped in to say that I downloaded the code uploaded to my WAMP server and everything looks to be working as intended, however the invoice template selection is not working.

Error Message

Expression #9 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'invoice.IT.unit_price' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by

something is bug check it .....

Should it be a read only field?

There is an XSS vulnerability in the said file.

I have created a pull request which fixes it.
The vulnerability details and fix are in the following pull request.

418sec#6