Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
MATCHA INVOICE 2.6.6 and earlier: Hackers Can Access Your Data
CVE-2026-24913
Summary
An attacker who has a MATCHA INVOICE login can access and potentially change sensitive information stored in the database. This is a serious issue that requires immediate attention to prevent unauthorized access and data tampering. Update to the latest version of MATCHA INVOICE to fix the problem.
Original title
SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to...
Original description
SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product.
nvd CVSS3.0
8.8
nvd CVSS4.0
8.7
Vulnerability type
CWE-89
SQL Injection
Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026