Required CVE Record Information
Description
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_act.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 4 Total
| Score | Severity | Version | Vector String |
|---|---|---|---|
| 5.3 | MEDIUM | 4.0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| 6.3 | MEDIUM | 3.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| 6.3 | MEDIUM | 3.0 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| 6.5 | — | 2.0 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Credits
- bingbingliang (VulDB User) reporter
References 5 Total
- vuldb.com: VDB-300588 | SourceCodester Kortex Lite Advocate Office Management System edit_act.php sql injection vdb-entrytechnical-description
- vuldb.com: VDB-300588 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
- vuldb.com: Submit #517965 | Advocate office management system free download edit_act.php v1.0 SQL Injection third-party-advisory
- https://github.com/Hefei-Coffee/cve/issues/14 exploitissue-tracking
- https://www.sourcecodester.com/ product