code-projects Client Details System manage-users.php sql injection
CVE-2023-7140
9.8CRITICAL
Summary
A vulnerability has been identified in Code-Projects Client Details System 1.0, involving improper processing of the file /admin/manage-users.php. The manipulation of the 'id' argument can lead to SQL injection, which allows an attacker to execute arbitrary SQL commands, potentially compromising the security of the database. This vulnerability has been made public, raising concerns for users of the application. It is important for organizations using this software to address this issue promptly to mitigate potential exploitation.
Affected Version(s)
Client Details System 1.0
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Hamdi Sevben (VulDB User)