Submission #768914: https://www.sourcecodester.com/php/17280/advocate-office-managem https://www.sourcecodester.com/php/17280/advocate-office-management-system-free-download.html V1.0 SQL Injection

Info

Title: https://www.sourcecodester.com/php/17280/advocate-office-managem https://www.sourcecodester.com/php/17280/advocate-office-management-system-free-download.html V1.0 SQL Injection
Description: In the core business module of this office management system, a critical SQL injection vulnerability exists in the activate_case.php processing file located at the server path /kortex_lite/kortex_lite/control/activate_case.php. The root cause of this vulnerability is that developers failed to implement compliant filtering, escaping, or parameterized query processing for core parameters passed by users (such as case activation identifiers, user operation credentials, business process numbers, etc.) when writing database interaction logic. This allows attackers to construct malicious SQL statement fragments and splice them into the system's normal database query statements, thereby breaking through the security restrictions on data access. By exploiting this vulnerability, attackers can bypass the system's identity verification and permission control mechanisms to execute arbitrary unauthorized SQL operations: they can not only illegally read and steal sensitive information stored in the system (including user account passwords, enterprise case data, employee identity information, financial transaction records, core business configurations, etc.) but also tamper with critical data in the database (such as modifying case activation status, forging business approval records, adjusting user permission levels). Furthermore, attackers can achieve database privilege escalation through SQL injection to gain operational access to the database server, ultimately leading to the complete collapse of the data security defense line of the entire office management system. This brings a series of severe consequences to the enterprise, including data leakage, theft of trade secrets, disruption of business processes, and legal compliance risks.
Source: https://github.com/yuan384/cve/issues/2
User: yuan384 (UID 95948)
Submission: 2026-02-27 07:45 AM (1 month ago)
Moderation: 2026-03-07 09:53 PM (9 days later)
Status: Duplicate
VulDB entry: 260274 [SourceCodester Kortex Lite Advocate Office Management System 1.0 activate_case.php ID SQL injection]
Points: 0