SQL Injection Vulnerability in SourceCodester Advocate Office Management System
CVE-2024-9318

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Advocate Office Management System
Vendor: CVE Published:; 28 September 2024

Summary

A significant SQL injection vulnerability has been identified in the Advocate Office Management System version 1.0 developed by SourceCodester. This flaw is located in the /control/activate.php file, where improper handling of user input in the 'id' parameter allows attackers to manipulate SQL queries. The vulnerability is remote and can be exploited by unauthorized users, potentially leading to unauthorized access to sensitive data within the system. Immediate action is recommended to mitigate the risks associated with this vulnerability. Further information can be found in various security reports and databases.

References

https://vuldb.com/?id.278822

https://vuldb.com/?ctiid.278822

https://vuldb.com/?submit.412749

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 28, 2024