| 제목 | Sourcodester Kortex Lite Advocate Office Management System v1.0 SQL injection |
|---|
| 설명 | Source Code: https://www.sourcecodester.com/php/17280/advocate-office-management-system-free-download.html
The application is vulnerable to SQL injection due to improper handling of user input in the id parameter. By directly incorporating user-supplied values into SQL queries without proper validation or the use of prepared statements, attackers can manipulate the id parameter to execute arbitrary SQL commands. This allows for potential data manipulation, data exfiltration, or unauthorized access to sensitive information. |
|---|
| 원천 | ⚠️ https://github.com/zyairelai/CVE-submissions/blob/main/kortex-activate_case-sqli.md |
|---|
| 사용자 | zyairelai (UID 67401) |
|---|
| 제출 | 2024. 04. 09. AM 07:25 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 04. 10. PM 07:57 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 260274 [SourceCodester Kortex Lite Advocate Office Management System 1.0 activate_case.php 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|