Submit #312813: Sourcodester Kortex Lite Advocate Office Management System v1.0 SQL injectioninfo

TitleSourcodester Kortex Lite Advocate Office Management System v1.0 SQL injection
DescriptionSource Code: https://www.sourcecodester.com/php/17280/advocate-office-management-system-free-download.html The application is vulnerable to SQL injection due to improper handling of user input in the cname parameter. By directly incorporating user-supplied values into SQL queries without proper validation or the use of prepared statements, attackers can manipulate the cname parameter to execute arbitrary SQL commands. This allows for potential data manipulation, data exfiltration, or unauthorized access to sensitive information.
Source⚠️ https://github.com/zyairelai/CVE-submissions/blob/main/kortex-addcase_stage-sqli.md
Userzyairelai (ID 67401)
Submission04/09/2024 07:38 (23 days ago)
Moderation04/10/2024 19:57 (2 days later)
Accepted
Accepted
VulDB EntryVDB-260275

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!