SQL Injection Vulnerability in Best Free Law Office Management Software by Kortex
CVE-2024-44430

9.8CRITICAL

Key Information:

Vendor: Mayurik
Status: Best Free Law Office Management
Vendor: CVE Published:; 13 September 2024

What is CVE-2024-44430?

A SQL Injection vulnerability in the Best Free Law Office Management Software version 1.0 permits an attacker to execute arbitrary code and retrieve sensitive information. This exploitation occurs through a crafted payload directed at the kortex_lite/control/register_case.php interface, posing significant security risks. Organizations utilizing this software should assess their exposure and consider implementing appropriate mitigation strategies to protect sensitive data and maintain system integrity.

References

https://blog.csdn.net/samwbs/article/details/140954482

https://github.com/samwbs/kortexcve/blob/main/xss_registe...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 13, 2024
Vulnerability Reserved
Aug 21, 2024

Mayurik

What is CVE-2024-44430?

References

CVSS V3.1

Timeline