Skip to main content

Client Details System CVE-2023-7138

HIGH
SQL Injection (CWE-89)
2023-12-28 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 28, 2023 - 22:15 nvd
HIGH 8.8

DescriptionNVD

A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249141 was assigned to this vulnerability.

AnalysisAI

A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249141 was assigned to this vulnerability. Affected products include: Fabian Client Details System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2023-7142 CRITICAL POC
9.8 Dec 29

A vulnerability was found in code-projects Client Details System 1.0. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2023-7141 CRITICAL POC
9.8 Dec 29

A vulnerability was found in code-projects Client Details System 1.0. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2023-7140 CRITICAL POC
9.8 Dec 28

A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic.php. Rated critical s

CVE-2023-7139 CRITICAL POC
9.8 Dec 28

A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. Rated critical

CVE-2023-7137 HIGH POC
8.8 Dec 28

A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Rated high

CVE-2025-60302 MEDIUM POC
6.1 Oct 09

Stored cross-site scripting in code-projects Client Details System 1.0 allows an attacker who can submit customer record

CVE-2023-7143 MEDIUM POC
4.8 Dec 29

A vulnerability was found in code-projects Client Details System 1.0. Rated medium severity (CVSS 4.8), this vulnerabili

CVE-2025-11605 LOW POC
2.1 Oct 11

SQL injection in code-projects Client Details System 1.0 allows authenticated remote attackers to manipulate the uid par

CVE-2025-12243 LOW POC
2.1 Oct 27

SQL injection in code-projects Client Details System 1.0 allows authenticated remote attackers to manipulate the ID para

CVE-2025-12283 LOW POC
2.1 Oct 27

Authentication bypass in code-projects Client Details System 1.0 allows authenticated remote attackers to gain unauthori

CVE-2025-12282 LOW POC
1.9 Oct 27

Stored cross-site scripting (XSS) in code-projects Client Details System 1.0 allows authenticated users with high privil

CVE-2025-12279 LOW POC
1.9 Oct 27

Cross-site scripting (XSS) in code-projects Client Details System 1.0 allows remote attackers with high privileges and u

Share

CVE-2023-7138 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy