Client Details System
CVE-2023-7138
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249141 was assigned to this vulnerability.
AnalysisAI
A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249141 was assigned to this vulnerability. Affected products include: Fabian Client Details System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Client Details System
View allA vulnerability was found in code-projects Client Details System 1.0. Rated critical severity (CVSS 9.8), this vulnerabi
A vulnerability was found in code-projects Client Details System 1.0. Rated critical severity (CVSS 9.8), this vulnerabi
A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic.php. Rated critical s
A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. Rated critical
A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Rated high
Stored cross-site scripting in code-projects Client Details System 1.0 allows an attacker who can submit customer record
A vulnerability was found in code-projects Client Details System 1.0. Rated medium severity (CVSS 4.8), this vulnerabili
SQL injection in code-projects Client Details System 1.0 allows authenticated remote attackers to manipulate the uid par
SQL injection in code-projects Client Details System 1.0 allows authenticated remote attackers to manipulate the ID para
Authentication bypass in code-projects Client Details System 1.0 allows authenticated remote attackers to gain unauthori
Stored cross-site scripting (XSS) in code-projects Client Details System 1.0 allows authenticated users with high privil
Cross-site scripting (XSS) in code-projects Client Details System 1.0 allows remote attackers with high privileges and u
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today