Submit #780459: Mayuri K Advocate Office Management System 1.0 SQL Injectioninfo

TitleMayuri K Advocate Office Management System 1.0 SQL Injection
DescriptionA SQL Injection vulnerability was discovered in Advocate Office Management System 1.0. The flaw exists within the 'username' parameter of the '/control/login.php' component. Due to inadequate sanitization of user-supplied input, an unauthenticated remote attacker can execute arbitrary SQL commands via time-based blind SQL injection. Additionally, a logic flaw allows the database query to be executed before Google reCAPTCHA validation, enabling a complete bypass of the captcha mechanism.
Source⚠️ https://github.com/zy606/Vulnerability-PoC/blob/main/README.md
User
 Zyyyy (UID 96412)
Submission03/15/2026 15:19 (4 months ago)
Moderation03/31/2026 16:04 (16 days later)
StatusDuplicate
VulDB entry278789 [SourceCodester Advocate Office Management System 1.0 /control/login.php Username sql injection]
Points0

Interested in the pricing of exploits?

See the underground prices here!