CVE-2023-7138 | code-projects Client Details System 1.0 HTTP POST Request /admin username sql injection

Posted by Angelo Barbosa | Dec 28, 2023 | CVE

A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection.

This vulnerability is uniquely identified as CVE-2023-7138. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

CVE-2023-7138 | code-projects Client Details System 1.0 HTTP POST Request /admin username sql injection

Related Posts

CVE-2024-8418 | Aardvark-dns 1.12.0/1.12.1 TCP Query denial of service

CVE-2024-22220 | Terminalfour up to 7.4.0004/8.3.19 cross site scripting

CVE-2024-6685 | GitLab Community Edition/Enterprise Edition up to 17.1.6/17.2.4/17.3.1 Group Member authorization (Issue 472012)

CVE-2023-4731 | LadiApp Plugin up to 4.4 on WordPress init_endpoint cross-site request forgery