PT-2024-31152 · Unknown · Best Free Law Office Management
Samwbs · Published 2024-09-13 · Updated 2024-09-19 · CVE-2024-44430
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Best Free Law Office Management Software version 1.0
Description
The issue allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the "kortex lite/control/register case.php" interface. This enables remote access to sensitive case data.
Recommendations
For Best Free Law Office Management Software version 1.0, patch immediately and review logs for signs of compromise. As a temporary workaround, consider restricting access to the "kortex lite/control/register case.php" interface until a patch is available.
Exploit
Fix
SQL injection
Code Injection
Related Identifiers
Affected Products
Best Free Law Office Management