CVE-2024-7640 Overview
CVE-2024-7640 is a SQL injection vulnerability [CWE-89] in SourceCodester Kortex Lite Advocate Office Management System 1.0, also distributed under the Mayurik brand. The flaw resides in the delete_register.php script, where the case_register_id parameter is passed to a database query without proper sanitization. Remote attackers with low privileges can manipulate this parameter to execute arbitrary SQL statements against the backend database. The exploit details have been disclosed publicly, increasing the risk of opportunistic attacks against exposed instances.
Critical Impact
Authenticated remote attackers can inject SQL through the case_register_id parameter in delete_register.php, leading to unauthorized data access, modification, or deletion within the legal case management database.
Affected Products
- SourceCodester Kortex Lite Advocate Office Management System 1.0
- Mayurik Advocate Office Management System 1.0
- Deployments referencing CPE cpe:2.3:a:mayurik:advocate_office_management_system:1.0
Discovery Timeline
- 2024-08-12 - CVE-2024-7640 published to the National Vulnerability Database
- 2024-08-15 - Last updated in NVD database
Technical Details for CVE-2024-7640
Vulnerability Analysis
The vulnerability exists in the delete_register.php endpoint of the Kortex Lite Advocate Office Management System. The script accepts a case_register_id argument from the HTTP request and incorporates it directly into a SQL DELETE statement. Because the application does not parameterize the query or validate the input type, an attacker can break out of the intended SQL context and append additional clauses.
Exploitation can be initiated over the network and requires only low-privileged access to the application. A successful attack allows reading sensitive case data, altering records, or destroying legal records managed by the platform. The disclosure of a public proof-of-concept raises the likelihood of scripted exploitation against internet-exposed deployments.
Root Cause
The root cause is improper neutralization of special elements used in a SQL command [CWE-89]. The case_register_id parameter flows from user input into the database query without prepared statements, parameter binding, or input validation. This classic injection pattern allows attacker-controlled strings to be parsed as SQL syntax by the database engine.
Attack Vector
The attack vector is network-based against the delete_register.php endpoint. An attacker authenticates to the application with any valid low-privileged account, then issues a crafted request that appends SQL syntax to the case_register_id parameter. The injected payload is executed by the database with the privileges of the application's database user, which typically permits full access to the application schema. Technical details and a reproduction walkthrough are documented in the GitHub PoC Repository and the VulDB entry #274061.
Detection Methods for CVE-2024-7640
Indicators of Compromise
- HTTP requests to delete_register.php containing SQL metacharacters such as single quotes, UNION, SLEEP(, or comment sequences (--, #) in the case_register_id parameter.
- Database error messages or anomalous response times tied to requests against delete_register.php.
- Unexpected DELETE, SELECT, or UNION-based queries in MySQL general or slow query logs originating from the Kortex application user.
Detection Strategies
- Inspect web server access logs for non-numeric values in the case_register_id query string or POST body.
- Deploy a web application firewall rule set that flags SQL injection signatures targeting PHP endpoints.
- Correlate authenticated session activity with subsequent database errors to identify probing behavior.
Monitoring Recommendations
- Enable verbose query logging on the MySQL backend and alert on statements that include tautologies or stacked queries from the application account.
- Monitor for sudden spikes in failed database operations or unusual record deletions in case management tables.
- Track outbound connections from the web server to detect data exfiltration following injection attempts.
How to Mitigate CVE-2024-7640
Immediate Actions Required
- Restrict access to the Kortex Lite Advocate Office Management System to trusted networks or VPN users until a fix is applied.
- Audit application accounts and revoke any unnecessary low-privilege access that could be leveraged to reach delete_register.php.
- Review database logs for evidence of prior exploitation, focusing on the case_register_id parameter.
Patch Information
No vendor advisory or official patch has been published for CVE-2024-7640 at the time of NVD publication. Operators should monitor the VulDB entry #274061 and the upstream SourceCodester project for updates. Until a vendor patch is available, source-level remediation requires replacing the vulnerable query in delete_register.php with a prepared statement that binds case_register_id as an integer parameter.
Workarounds
- Modify delete_register.php to cast case_register_id to an integer with intval() before use, and migrate the query to PDO or mysqli prepared statements with bound parameters.
- Deploy a web application firewall rule that blocks SQL metacharacters in requests targeting delete_register.php.
- Apply database least-privilege by limiting the application user to only the tables and operations required by the workflow.
# Example WAF rule (ModSecurity) blocking SQLi patterns on delete_register.php
SecRule REQUEST_URI "@contains /delete_register.php" \
"chain,deny,status:403,id:1007640,msg:'Block SQLi on case_register_id (CVE-2024-7640)'"
SecRule ARGS:case_register_id "@rx [^0-9]" "t:none"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
