Haneen Gufran

**Name of the Vulnerable Software and Affected Versions** Client Management System version 1.0 **Description** A SQL injection issue was discovered in the Client Management System via the `Between Dates Reports` parameter at the "/admin/bwdates-reports-ds.php" API endpoint. **Recommendations** For Client Management System version 1.0, as a temporary workaround, consider restricting access to the "/admin/bwdates-reports-ds.php" API endpoint until a patch is available. Avoid using the `Between Dates Reports` parameter in this endpoint to minimize the risk of exploitation.