### Key Information

1. **Vulnerability ID**:
   - VDB-278837
   - CVE-2024-9328
2. **Affected Software**:
   - SourceCodester Advocate Office Management System 1.0
3. **Vulnerability Type**:
   - SQL Injection
4. **Affected Component**:
   - /control/edit_client.php
5. **CVSS Meta Temp Score**:
   - 6.0
6. **Current Vulnerability Price**:
   - $0-$5k
7. **CTI Interest Score**:
   - 3.83
8. **Vulnerability Description**:
   - The vulnerability exists in the file /control/edit_client.php of SourceCodester Advocate Office Management System 1.0. Manipulation of the parameter `id` through unknown input leads to SQL injection. This issue affects some unknown processing logic, resulting in improper construction or insufficient neutralization of special elements in SQL commands, which may alter the intended SQL commands when sent to downstream components.
9. **Impact**:
   - Affects confidentiality, integrity, and availability.
10. **Vulnerability Identification**:
    - CVE-2024-9328
11. **Exploitability**:
    - Publicly disclosed, potentially exploitable.
12. **Technical Details and Public Exploits**:
    - Known exploitation is easy and can be initiated remotely.
13. **MITRE ATT&CK Technique**:
    - Uses T1505 technique.
14. **Exploitation Tools**:
    - Targets can be identified by searching for `inurl:control/edit_client.php`.
15. **Recommended Mitigation**:
    - Replace the affected component.
16. **Related Vulnerability IDs**:
    - VDB-278789, VDB-278790, VDB-278822

### Summary

This vulnerability is an SQL injection flaw located in the /control/edit_client.php file of SourceCodester Advocate Office Management System 1.0. It can be exploited remotely and impacts the confidentiality, integrity, and availability of the system. It is recommended to replace the affected component to remediate this vulnerability.
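
Until the affected component is replaced, web access logs can be reviewed for requests to `/control/edit_client.php` whose `id` value is not a plain integer. The following is an added example, not code from the advisory or the vendor; it assumes the "combined" access-log format, that `id` travels in the query string, and that legitimate ids are short decimal integers. The function name and all log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/control/edit_client.php"  # affected component named in the advisory
PARAM = "id"                           # affected parameter named in the advisory
# Assumption: Apache/nginx "combined" access-log format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)


def suspicious_requests(lines):
    """Return (client_ip, decoded_id) for endpoint hits whose id is not an integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        # endswith() also covers installs under a sub-directory.
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qs percent-decodes values; keep blanks so "id=" is still inspected.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            # Assumption: a legitimate id is 1-10 ASCII digits and nothing else.
            if not re.fullmatch(r"[0-9]{1,10}", value):
                hits.append((m.group("ip"), value))
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical /aoms/ prefix).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Oct/2024:10:00:01 +0000] "GET /control/edit_client.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Oct/2024:10:00:05 +0000] "GET /control/edit_client.php?id=12%27 HTTP/1.1" 500 310 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Oct/2024:10:00:06 +0000] "GET /aoms/control/edit_client.php?id=12%20OR%201%3D1 HTTP/1.1" 200 9000 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Oct/2024:10:00:09 +0000] "GET /control/view_client.php?id=3%27 HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\tid={value!r}")
```

Access logs normally record only the request line, so an `id` sent in a POST body is not visible to this check and needs application or WAF logging instead.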