SourceCodester Kortex Lite Advocate Office Management System SQL Injection Vulnerability

Vulnerability

A critical SQL injection vulnerability has been identified in SourceCodester Kortex Lite Advocate Office Management System version 1.0. The issue is in the deactivate_reg.php file: manipulating the 'id' parameter allows attackers to inject malicious SQL queries. The vulnerability can be exploited remotely, leading to unauthorized access to, and extraction of, sensitive information from the database.

Impact

Exploitation of this vulnerability allows attackers to inject and execute malicious SQL queries, potentially leading to unauthorized access and extraction of sensitive database information. If the database user has elevated privileges, this could result in more severe consequences, such as gaining access to the underlying server.

Reproduction

The vulnerability can be reproduced by sending a crafted GET request to the deactivate_reg.php file, including a payload that exploits the SQL injection flaw. This can be done using tools like sqlmap, which automates the process of finding and exploiting SQL injection vulnerabilities.
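
The pattern behind this class of flaw, next to a hardened form, as an added example (not code from Kortex Lite or from this advisory). The table name, column name, and function names are hypothetical, and an in-memory SQLite database with constructed rows stands in for the application's database.

```php
<?php
// Added example. Table "registrations" and column "active" are hypothetical;
// the real schema and query of deactivate_reg.php are not shown on this page.

// Constructed sample data in an in-memory SQLite database so the script runs offline.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE registrations (id INTEGER PRIMARY KEY, active INTEGER NOT NULL)');
    $db->exec('INSERT INTO registrations (id, active) VALUES (1, 1), (2, 1), (3, 1)');
    return $db;
}

// Pattern that produces the flaw: request input concatenated into the statement,
// so the input is parsed as SQL rather than treated as a value.
function deactivate_unsafe(PDO $db, string $id): int {
    return (int) $db->exec("UPDATE registrations SET active = 0 WHERE id = " . $id);
}

// Hardened: reject anything that is not a positive integer, then bind it as a parameter.
function deactivate_safe(PDO $db, string $id): int {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('UPDATE registrations SET active = 0 WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$tampered = '2 OR 1=1';   // constructed value standing in for a manipulated 'id'

$db = make_db();
printf("unsafe, tampered id: %d rows changed\n", deactivate_unsafe($db, $tampered));

$db = make_db();
try {
    deactivate_safe($db, $tampered);
} catch (InvalidArgumentException $e) {
    printf("safe, tampered id: rejected (%s)\n", $e->getMessage());
}
printf("safe, id=2: %d row changed\n", deactivate_safe($db, '2'));
```

Running the application under a database account without elevated privileges limits the more severe consequences described under Impact.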

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.