| Title | https://www.sourcecodester.com/php/17280/advocate-office-managem Advocate office management system free download V1.0 SQL Injection |
|---|
| Description | In this office management system, a critical SQL injection vulnerability exists in the activate_act.php file located at the server path /kortex_lite/kortex_lite/control/activate_act.php. This vulnerability arises because developers failed to implement strict filtering, escaping, or parameterization for user-input parameters when writing database interaction code, enabling attackers to construct malicious SQL statement fragments and splice them into legitimate database query statements.
By exploiting this vulnerability, attackers can bypass the system's normal authentication mechanisms and execute arbitrary SQL query operations: they can not only illegally obtain sensitive information stored in the systembut also further tamper with critical data in the database. In extreme cases, attackers can even gain control of the database server through privilege escalation, ultimately rendering the entire data security system of the office management system completely ineffective. This poses severe security consequences for enterprises, including data leakage, loss of trade secrets, and business disruption. |
|---|
| Source | ⚠️ https://github.com/yuan384/cve/issues/1 |
|---|
| User | yuan384 (UID 95948) |
|---|
| Submission | 02/26/2026 18:12 (2 months ago) |
|---|
| Moderation | 03/07/2026 21:52 (9 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 274063 [SourceCodester Kortex Lite Advocate Office Management System 1.0 activate_act.php ID sql injection] |
|---|
| Points | 0 |
|---|