PT-2023-32898 · Code Projects · Code-Projects Client Details System

Hamdi Sevben

Published

2023-12-28

Updated

2025-10-29

CVE-2023-7137

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Client Details System version 1.0

Description A critical issue has been found in the component HTTP POST Request Handler, where the manipulation of the uemail argument leads to sql injection. The exploit has been disclosed to the public and may be used.

Recommendations For code-projects Client Details System version 1.0, consider disabling the HTTP POST Request Handler or restricting access to it until a patch is available. Avoid using the uemail argument in the affected HTTP POST request handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2023-7137

Affected Products

Code-Projects Client Details System

PT-2023-32898 · Code Projects · Code-Projects Client Details System

CVE-2023-7137

Weakness Enumeration

Related Identifiers

Affected Products

References · 9