| タイトル | https://www.sourcecodester.com/php/17280/advocate-office-managem Advocate office management system free download V1.0 SQL Injection |
|---|
| 説明 | In this office management system, a critical SQL injection vulnerability exists in the activate_act.php file located at the server path /kortex_lite/kortex_lite/control/activate_act.php. This vulnerability arises because developers failed to implement strict filtering, escaping, or parameterization for user-input parameters when writing database interaction code, enabling attackers to construct malicious SQL statement fragments and splice them into legitimate database query statements.
By exploiting this vulnerability, attackers can bypass the system's normal authentication mechanisms and execute arbitrary SQL query operations: they can not only illegally obtain sensitive information stored in the systembut also further tamper with critical data in the database. In extreme cases, attackers can even gain control of the database server through privilege escalation, ultimately rendering the entire data security system of the office management system completely ineffective. This poses severe security consequences for enterprises, including data leakage, loss of trade secrets, and business disruption. |
|---|
| ソース | ⚠️ https://github.com/yuan384/cve/issues/1 |
|---|
| ユーザー | yuan384 (UID 95948) |
|---|
| 送信 | 2026年02月26日 18:12 (2 月 ago) |
|---|
| モデレーション | 2026年03月07日 21:52 (9 days later) |
|---|
| ステータス | 重複 |
|---|
| VulDBエントリ | 274063 [SourceCodester Kortex Lite Advocate Office Management System 1.0 activate_act.php 識別子 SQLインジェクション] |
|---|
| ポイント | 0 |
|---|