| Titre | Sourcodester Kortex Lite Advocate Office Management System v1.0 SQL injection |
|---|
| Description | Source Code: https://www.sourcecodester.com/php/17280/advocate-office-management-system-free-download.html
The application is vulnerable to SQL injection due to improper handling of user input while submitting the text field. By directly incorporating user-supplied values into SQL queries without proper validation or the use of prepared statements, attackers can manipulate the text field parameters to execute arbitrary SQL commands. This allows for potential data manipulation, data exfiltration, or unauthorized access to sensitive information. |
|---|
| La source | ⚠️ https://github.com/zyairelai/CVE-submissions/blob/main/kortex-register_case-sqli.md |
|---|
| Utilisateur | zyairelai (UID 67401) |
|---|
| Soumission | 09/04/2024 08:38 (il y a 2 ans) |
|---|
| Modérer | 10/04/2024 19:59 (1 day later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 260277 [SourceCodester Kortex Lite Advocate Office Management System 1.0 register_case.php injection SQL] |
|---|
| Points | 20 |
|---|