SourceCodester Kortex Lite Advocate Office Management System SQL Injection Vulnerability
Vulnerability
A critical SQL injection vulnerability has been identified in SourceCodester Kortex Lite Advocate Office Management System version 1.0. The flaw lies in the file edit_case.php, where the 'id' parameter can be manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, leading to unauthorized access to and extraction of sensitive information from the database.
Impact
Exploitation of this vulnerability allows attackers to inject malicious SQL queries, potentially leading to unauthorized access and extraction of sensitive database information. If the database user has elevated privileges, it could result in more severe consequences, such as gaining access to the server host.
Reproduction
The vulnerability can be reproduced by sending a crafted GET request to the edit_case.php file, including a payload that exploits the SQL injection flaw. This can be done using a tool like sqlmap, which automates the process of finding and exploiting SQL injection vulnerabilities.
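Because the injection point is the 'id' parameter of edit_case.php, a request whose 'id' is anything but a plain integer is a useful detection signal. The following is an added detection example, not code from the advisory or from the Kortex Lite project: it parses constructed Apache combined-format access-log lines (the /kortex_lite/ path prefix and the addresses are assumptions) and flags edit_case.php requests with a non-numeric 'id', noting whether the User-Agent identifies sqlmap.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" log format; the request target is captured as one token.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample traffic (not real log data); the application path is assumed.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:12:00:01 +0000] "GET /kortex_lite/edit_case.php?id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/May/2024:12:00:07 +0000] "GET /kortex_lite/edit_case.php?id=7%27 HTTP/1.1" 200 5120 "-" "sqlmap/1.8"
203.0.113.9 - - [10/May/2024:12:00:08 +0000] "GET /kortex_lite/edit_case.php?id=7%20OR%201%3D1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.2 - - [10/May/2024:12:01:00 +0000] "GET /kortex_lite/index.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""


def flag_edit_case_requests(log_text):
    """Return one finding per edit_case.php request whose 'id' is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as combined-format entries
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/edit_case.php"):
            continue
        # parse_qs percent-decodes once, so "7%27" is seen as the two characters 7'
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("id", []):
            if not re.fullmatch(r"\d+", value):
                findings.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "id": value,
                    "ua": m.group("ua"),
                    "scanner_ua": "sqlmap" in m.group("ua").lower(),
                })
    return findings


if __name__ == "__main__":
    for f in flag_edit_case_requests(SAMPLE_LOG):
        print(f)
```

Treat the regex as an alerting heuristic, not a substitute for the fix: the application should bind 'id' as an integer parameter in a prepared statement so the query can no longer be altered.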
