Vulnerability Key Information

Vulnerability ID:
- VDB-260274
- CVE-2024-3618
- GCVE-100-260274

Vulnerability Name:
- SourceCodester Kortex Lite Advocate Office Management System 1.0 activate_case.php ID SQL Injection

CVSS Meta Temp Score:
- 4.5

Current Exploit Price:
- $0-$5k

CTI Interest Score:
- 0.00

Vulnerability Summary:
- A critical vulnerability was discovered in unknown code within SourceCodester Kortex Lite Advocate Office Management System 1.0. Manipulation of the ID parameter in the file /control/activate_case.php leads to SQL injection. This vulnerability is cataloged as CVE-2024-3618. The attack can be initiated remotely. Additionally, an exploit is available.

Vulnerability Details:
- A critical vulnerability was found in an unknown function within the file /control/activate_case.php of SourceCodester Kortex Lite Advocate Office Management System 1.0. Manipulation of the parameter Id, which contains unknown input, results in an SQL injection vulnerability. CWE classifies the issue as CWE-89. The product constructs whole or partial SQL commands using input from upstream components, but does not neutralize or improperly neutralizes special elements that can alter the intended SQL command when sent to downstream components. This impacts confidentiality, integrity, and availability.

Announcement Link:
- github.com

Transaction Vulnerability Identifier:
- CVE-2024-3618

Exploit Difficulty:
- Easy

Attack Initiation Method:
- Attack can be initiated remotely

Additional Authentication Required for Successful Exploitation:
- Required

Technical Details and Public Exploit:
- Known