Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-7137

CWE-89 — SQL Injection4 documents4 sources

Severity

8.8HIGH

EPSS

4.6%

top 10.80%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Code-projects Client Details System Fabian Client Details System

Timeline

PublishedDec 28

Latest updateMar 12

Description

A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249140.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5code-projects/client_details_system1.0

▶NVDfabian/client_details_system1.0

🔴Vulnerability Details

GHSA

GHSA-w6m2-2fmm-j9mc: A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1↗2023-12-29

▶

CVEList

code-projects Client Details System HTTP POST Request sql injection↗2023-12-28

▶

💥Exploits & PoCs

Exploit-DB

Client Details System 1.0 - SQL Injection↗2024-03-12

▶