### Key Information

1. **Vulnerability ID**
   - VDB-278822
   - CVE-2024-9318
2. **Affected Product**
   - SourceCodester Advocate Office Management System 1.0
3. **Vulnerability Description**
   - **Type**: SQL Injection
   - **Affected File**: `/control/activate.php`
   - **Issue**: SQL injection through the `id` parameter; the specific code block that consumes the parameter has not been identified.
   - **CWE ID**: CWE-89
4. **CVSS Meta Temp Score**: 6.0
5. **Current Exploit Price**: $0–$5k
6. **CTI Interest Score**: 3.17
7. **Impact**
   - Confidentiality
   - Integrity
   - Availability
8. **Vulnerability Details**
   - The weakness (CWE-89) arises when an SQL command is built from untrusted input received from an upstream component without neutralizing special elements, so the input can change the meaning of the SQL command that reaches the database.
   - Impacts include confidentiality, integrity, and availability.
9. **Vulnerability Disclosure**
   - Publicly disclosed
   - Remotely exploitable
   - Exploitation difficulty: Low
10. **Exploit**
    - **Exploit Link**: [GitHub](https://github.com)
    - **Vulnerability ID**: CVE-2024-9318
    - **MITRE ATT&CK Technique**: T1505
11. **Exploit Tools**
    - **Tool**: [GitHub](https://github.com)
    - **Type**: Proof of Concept
12. **Recommended Actions**
    - Replace the affected component
13. **Related Vulnerabilities**
    - VDB-278789
    - VDB-278790
    - VDB-278837

### Summary

This vulnerability is an SQL injection in the `/control/activate.php` file of SourceCodester Advocate Office Management System 1.0, reachable through the `id` parameter. Because the parameter is used to build an SQL command without neutralizing special elements, an attacker can alter the command the database executes, potentially compromising confidentiality, integrity, and availability. The vulnerability has been publicly disclosed, is remotely exploitable, and has a low exploitation difficulty. No vendor fix is referenced here; the recommended action is to replace the affected component.
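The pattern behind a CWE-89 finding of this kind, as an added example that is not code from the Advocate Office Management System or from the linked proof of concept. The affected file is PHP and this page does not describe its query, so the example models the same defect in Python with the standard-library `sqlite3` module so that it runs stand-alone: the `users` table, the sample rows, the `activate_*` functions and the `' OR '1'='1` payload are all constructed for illustration. It shows an activation query that splices the `id` parameter into the SQL string, the same query with a bound parameter, and a check that the payload changes the vulnerable query's behaviour but not the hardened one's.

```python
import sqlite3


def make_db():
    """Constructed sample schema: a stand-in for whatever the real app activates."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, status TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "inactive"), (2, "bob", "inactive"), (3, "carol", "inactive")],
    )
    conn.commit()
    return conn


def activate_vulnerable(conn, user_id):
    """CWE-89 pattern: the request parameter is concatenated into the SQL text.

    Returns the number of rows the UPDATE touched.
    """
    sql = f"UPDATE users SET status = 'active' WHERE id = '{user_id}'"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def activate_safe(conn, user_id):
    """Hardened form: the value travels as a bound parameter, never as SQL text."""
    cur = conn.execute(
        "UPDATE users SET status = 'active' WHERE id = ?", (user_id,)
    )
    conn.commit()
    return cur.rowcount


def activate_validated(conn, user_id):
    """Defence in depth: reject anything that is not an integer id before querying."""
    try:
        numeric_id = int(user_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    return activate_safe(conn, numeric_id)


def active_ids(conn):
    """Which rows ended up activated, in id order."""
    return [
        row[0]
        for row in conn.execute(
            "SELECT id FROM users WHERE status = 'active' ORDER BY id"
        )
    ]


def compare(payload):
    """Run the same payload through both variants on fresh databases."""
    vulnerable = make_db()
    safe = make_db()
    return {
        "vulnerable_rows": activate_vulnerable(vulnerable, payload),
        "vulnerable_ids": active_ids(vulnerable),
        "safe_rows": activate_safe(safe, payload),
        "safe_ids": active_ids(safe),
    }


if __name__ == "__main__":
    # Benign request: both variants activate exactly one row.
    print("id=2:", compare("2"))
    # Tautology payload: the spliced query becomes
    #   ... WHERE id = '' OR '1'='1'
    # and activates every row; the bound parameter matches nothing.
    print("payload:", compare("' OR '1'='1"))
```

The `compare` helper is the check a practitioner would run against a suspected `$_GET['id']` concatenation: the same payload, two query styles, and a row count that differs only when the input is being parsed as SQL. `activate_validated` is not a substitute for parameterization, but it cuts the attack surface for an id that should only ever be an integer.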