| タイトル | Sourcodester Kortex Lite Advocate Office Management System v1.0 SQL injection |
|---|
| 説明 | Source Code: https://www.sourcecodester.com/php/17280/advocate-office-management-system-free-download.html
The application is vulnerable to SQL injection due to improper handling of user input in the name, gender, dob, email, mobile, address parameter. By directly incorporating user-supplied values into SQL queries without proper validation or the use of prepared statements, attackers can manipulate the name, gender, dob, email, mobile, address parameter to execute arbitrary SQL commands. This allows for potential data manipulation, data exfiltration, or unauthorized access to sensitive information. |
|---|
| ソース | ⚠️ https://github.com/zyairelai/CVE-submissions/blob/main/kortex-adds-sqli.md |
|---|
| ユーザー | zyairelai (UID 67401) |
|---|
| 送信 | 2024年04月09日 07:49 (2 年 ago) |
|---|
| モデレーション | 2024年04月10日 19:57 (2 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 260276 [SourceCodester Kortex Lite Advocate Office Management System 1.0 /control/adds.php name/gender/dob/email/mobile/address SQLインジェクション] |
|---|
| ポイント | 20 |
|---|