CVE-2024-3621

Name of the Vulnerable Software and Affected Versions SourceCodester Kortex Lite Advocate Office Management System version 1.0

Description A critical issue was found in the system, affecting the /control/register case.php file. The manipulation of the arguments title, case no, client name, court, case type, case stage, legel acts, description, filling date, hearing date, opposite lawyer, total fees, unpaid leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For SourceCodester Kortex Lite Advocate Office Management System version 1.0, as a temporary workaround, consider restricting access to the /control/register case.php file until a patch is available. Avoid using the vulnerable arguments in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.