| Title | https://www.sourcecodester.com/php/17280/advocate-office-managem Advocate office management system free download V1.0 SQL Injection |
|---|---|
| Description | In this office management system, a critical SQL injection vulnerability exists in the activate_act.php file located at the server path /kortex_lite/kortex_lite/control/activate_act.php. This vulnerability arises because developers failed to implement strict filtering, escaping, or parameterization for user-input parameters when writing database interaction code, enabling attackers to construct malicious SQL statement fragments and splice them into legitimate database query statements. By exploiting this vulnerability, attackers can bypass the system's normal authentication mechanisms and execute arbitrary SQL query operations: they can not only illegally obtain sensitive information stored in the system but also further tamper with critical data in the database. In extreme cases, attackers can even gain control of the database server through privilege escalation, ultimately rendering the entire data security system of the office management system completely ineffective. This poses severe security consequences for enterprises, including data leakage, loss of trade secrets, and business disruption. |
| Source | ⚠️ https://github.com/yuan384/cve/issues/1 |
| User | yuan384 (UID 95948) |
| Submission | 2026. 02. 26. PM 06:12 (2 months ago) |
| Moderation | 2026. 03. 07. PM 09:52 (9 days later) |
| Status | Duplicate |
| VulDB entry | 274063 [SourceCodester Kortex Lite Advocate Office Management System 1.0 activate_act.php id SQL injection] |
| Points | 0 |