PT-2024-5264 · Sourcecodester · Sourcecodester Kortex Lite Advocate Office Management System

Kunal Walavalkar +1 · Published 2024-07-13 · Updated 2024-08-26 · CVE-2024-6729

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SourceCodester Kortex Lite Advocate Office Management System version 1.0

Description

A critical issue has been identified in the system, specifically affecting the /control/add_act.php file. Manipulation of the aname argument leads to SQL injection. The issue can be exploited remotely, allowing an attacker to execute arbitrary SQL commands. The exploit has been publicly disclosed.

Recommendations

For SourceCodester Kortex Lite Advocate Office Management System version 1.0, consider restricting access to the /control/add_act.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the aname parameter in the affected file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2024-05883
CVE-2024-6729

Affected Products

Sourcecodester Kortex Lite Advocate Office Management System