HIGHCVE-2026-24913Published 2026-04-08Modified 2026-04-08CNA jpcert

CVE-2026-24913: SQL Injection vulnerability exists in MATCHA INVOICE 2

SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

ICZ Corporation / MATCHA INVOICE
2.6.6 and earlier

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

oss.icz.co.jp
jvn.jp

Metrics