CVE-2024-44430

SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface
Configurations

Configuration 1 (hide)

cpe:2.3:a:mayurik:best_free_law_office_management:1.0:*:*:*:*:*:*:*

History

19 Sep 2024, 01:38

Type Values Removed Values Added
CWE CWE-89
References () https://blog.csdn.net/samwbs/article/details/140954482 - () https://blog.csdn.net/samwbs/article/details/140954482 - Exploit, Third Party Advisory
References () https://github.com/samwbs/kortexcve/blob/main/xss_register_case/XSS_register_case.md - () https://github.com/samwbs/kortexcve/blob/main/xss_register_case/XSS_register_case.md - Not Applicable
CPE cpe:2.3:a:mayurik:best_free_law_office_management:1.0:*:*:*:*:*:*:*
First Time Mayurik best Free Law Office Management
Mayurik

16 Sep 2024, 15:35

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de inyección SQL en Best Free Law Office Management Software-v1.0 permite a un atacante ejecutar código arbitrario y obtener información confidencial a través de un payload manipulado para la interfaz kortex_lite/control/register_case.php
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-94

13 Sep 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-13 20:15

Updated : 2024-09-19 01:38


NVD link : CVE-2024-44430

Mitre link : CVE-2024-44430

CVE.ORG link : CVE-2024-44430


JSON object : View

Products Affected

mayurik

  • best_free_law_office_management
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-94

Improper Control of Generation of Code ('Code Injection')