CVE-2025-12243

CWE-74CWE-89SQL InjectionCWE-4074 documents4 sources
Severity
5.3MEDIUM
EPSS
0.0%
top 92.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Code-projects Client Details SystemFabian Client Details System
Timeline
PublishedOct 27

Description

A vulnerability was found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the file clientdetails/welcome.php of the component GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
code-projects Client Details System GET Parameter welcome.php sql injection2025-10-27
GHSA
GHSA-8m33-8c75-28hv: A vulnerability was found in code-projects Client Details System 12025-10-27

📋Vendor Advisories

1
Microsoft
Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos2025-02-11
CVE-2025-12243 (MEDIUM CVSS 5.3) | A vulnerability was found in code-p | cvebase.io