CVE-2024-3621 — SQL Injection in Kortex Lite Advocate Office Management System

CWE-89 — SQL Injection3 documents3 sources

Severity

7.2HIGHNVD

CNA4.7

EPSS

0.1%

top 77.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Kortex Lite Advocate Office Management System Mayurik Advocate Office Management System

Timeline

PublishedApr 11

Description

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. This affects an unknown part of the file /control/register_case.php. The manipulation of the argument title/case_no/client_name/court/case_type/case_stage/legel_acts/description/filling_date/hearing_date/opposite_lawyer/total_fees/unpaid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sourcecodester/kortex_lite_advocate_office_management_system1.0

▶NVDmayurik/advocate_office_management_system1.0

🔴Vulnerability Details

CVEList

SourceCodester Kortex Lite Advocate Office Management System register_case.php sql injection↗2024-04-11

▶

GHSA

GHSA-jqqv-px8m-v953: A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1↗2024-04-11

▶