| Title | Mayuri K Advocate Office Management System 1.0 SQL Injection |
|---|
| Description | A SQL Injection vulnerability was discovered in Advocate Office Management System 1.0. The flaw exists within the 'username' parameter of the '/control/login.php' component. Due to inadequate sanitization of user-supplied input, an unauthenticated remote attacker can execute arbitrary SQL commands via time-based blind SQL injection. Additionally, a logic flaw allows the database query to be executed before Google reCAPTCHA validation, enabling a complete bypass of the captcha mechanism. |
|---|
| Source | ⚠️ https://github.com/zy606/Vulnerability-PoC/blob/main/README.md |
|---|
| User | Zyyyy (UID 96412) |
|---|
| Submission | 03/15/2026 15:19 (4 months ago) |
|---|
| Moderation | 03/31/2026 16:04 (16 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 278789 [SourceCodester Advocate Office Management System 1.0 /control/login.php Username sql injection] |
|---|
| Points | 0 |
|---|