Lucene search
K
FabianClient Details System

16 matches found

CVE
CVE
added 2023/12/28 10:0 p.m.66 views

CVE-2023-7138

The CVE-2023-7138 entry applies to code-projects Client Details System 1.0. Affected component: HTTP POST Request Handler (file area /admin). Root cause: manipulation of the username argument enables SQL injection. Impact details in sources indicate high risk across confidentiality, integrity, an...

8.8CVSS7.8AI score0.00701EPSS
CVE
CVE
added 2023/12/28 9:31 p.m.64 views

CVE-2023-7137

CVE-2023-7137 affects code-projects Client Details System 1.0. Multiple connected documents confirm a SQL injection in the HTTP POST Request Handler via the uemail parameter (in /clientdetails/), with the vulnerable software version reported as 1.0. The issue is described as critical, with exploi...

8.8CVSS7.7AI score0.17026EPSS
Web
CVE
CVE
added 2023/12/28 10:31 p.m.57 views

CVE-2023-7139

The CVE-2023-7139 entry affects the code-projects Client Details System 1.0 . A vulnerability exists in the file /admin/regester.php of the HTTP POST Request Handler where manipulation of the arguments fname , lname , email , and contact leads to an SQL injection . The vulnerability has been disc...

9.8CVSS7.4AI score0.00644EPSS
Web
CVE
CVE
added 2023/12/29 12:0 a.m.50 views

CVE-2023-7142

Summary (CVE-2023-7142): Code-Projects Client Details System 1.0 contains a SQL injection in /admin/clientview.php via the ID parameter. The vulnerability arises from manipulation of the ID argument, with public disclosure of the exploit. NVD lists CVSS-3.1 scores ranging from 9.8 (CRITICAL) to o...

9.8CVSS6.1AI score0.00644EPSS
Web
CVE
CVE
added 2023/12/29 12:31 a.m.49 views

CVE-2023-7143

Code-projects Client Details System 1.0 has a cross-site scripting vulnerability in /admin/regester.php. The issue arises from manipulation of fname, lname, email, or contact, enabling likely remote exploitation. Connected sources (NVD/NVD-derived entries and PT-Security) confirm the vulnerabilit...

4.8CVSS4.2AI score0.00537EPSS
Web
CVE
CVE
added 2023/12/28 11:0 p.m.48 views

CVE-2023-7140

CVE-2023-7140 affects code-projects Client Details System 1.0. The vulnerability arises from manipulating the id parameter in /admin/manage-users.php, leading to a SQL injection. Multiple connected sources corroborate an in-the-wild exploit and public disclosure. The exact impacted versions and a...

9.8CVSS7.3AI score0.00644EPSS
Web
CVE
CVE
added 2023/12/28 11:31 p.m.43 views

CVE-2023-7141

CVE-2023-7141 affects code-projects Client Details System 1.0. The vulnerability lies in the /admin/update-clients.php function, where the uid parameter can be manipulated to perform SQL injection. Documents consistently identify this as SQL injection and indicate that the exploit has been disclo...

9.8CVSS7.3AI score0.00644EPSS
Web
CVE
CVE
added 2025/06/21 11:0 p.m.34 views

CVE-2025-6446

CVE-2025-6446 affects code-projects Client Details System 1.0, where SQL injection arises from lack of validation of the Username parameter in /clientdetails/admin/index.php. The issue allows remote exploitation, with publicly disclosed exploits and potential disclosure/exfiltration of database d...

9.8CVSS7.5AI score0.00394EPSS
Web
CVE
CVE
added 2025/10/27 1:32 p.m.29 views

CVE-2025-12282

The CVE-2025-12282 entry concerns code-projects Client Details System 1.0. A cross-site scripting (XSS) vulnerability exists in the /admin/manage-users.php file, arising from lack of proper filtering/escaping of user-supplied data in the affected element. The vulnerability is exploitable remotely...

4.8CVSS3.1AI score0.0026EPSS
CVE
CVE
added 2025/10/27 1:32 p.m.18 views

CVE-2025-12281

The CVE-2025-12281 entry concerns code-projects Client Details System 1.0. A Cross-Site Scripting vulnerability affects the file /admin/clientview.php due to lack of proper input filtering/escaping in an unknown function. Multiple connected sources corroborate remote exploitability and publicly d...

5.4CVSS3.2AI score0.00225EPSS
CVE
CVE
added 2025/10/09 12:0 a.m.18 views

CVE-2025-60302

The CVE-2025-60302 entry concerns code-projects Client Details System 1.0, with a Cross-Site Scripting (XSS) vulnerability in the username field when adding customer information. Connected sources (e.g., PT-2025-41391, CNVD/CNNVD, Red Hat and NVD entries) consistently describe an XSS issue arisin...

6.1CVSS6.2AI score0.00213EPSS
CVE
CVE
added 2025/10/27 1:2 p.m.17 views

CVE-2025-12279

CVE-2025-12279 affects code-projects Client Details System 1.0, with a cross-site scripting flaw in /welcome.php due to insufficient input filtering/escaping. The vulnerability is remote-exploitable and has been publicly disclosed; CVSS indicators show MEDIUM impact with LOW confidentiality/integ...

4.8CVSS5.3AI score0.00235EPSS
CVE
CVE
added 2025/10/27 1:32 p.m.15 views

CVE-2025-12280

Code-projects Client Details System 1.0 has a cross-site scripting vulnerability in the update-clients.php processing path. Multiple sources (CNVD, RH, EUVD, NVD, CVE listing, and related advisories) describe that lack of proper filtering/escaping of user-supplied data in /update-clients.php enab...

5.4CVSS3.4AI score0.00225EPSS
CVE
CVE
added 2025/10/11 2:32 p.m.14 views

CVE-2025-11605

The CVE-2025-11605 entry concerns code-projects Client Details System 1.0. The vulnerability is in the file /admin/update-profile.php, where manipulation of the uid parameter leads to an SQL injection. It is exploitable remotely, and the exploit is publicly available. Affected component: /admin/u...

8.8CVSS6.4AI score0.00332EPSS
Web
CVE
CVE
added 2025/10/27 7:2 a.m.14 views

CVE-2025-12243

CVE-2025-12243 affects code-projects Client Details System 1.0. The vulnerability is in the GET Parameter Handler, specifically the file clientdetails/welcome.php; manipulating the ID parameter can cause SQL injection. The issue is exploitable remotely, and exploits have been published. Multiple ...

8.8CVSS6.5AI score0.00343EPSS
Web
CVE
CVE
added 2025/10/27 2:2 p.m.14 views

CVE-2025-12283

CVE-2025-12283 affects code-projects Client Details System 1.0. The vulnerability is an authorization bypass via an unknown function, exploitable remotely, with an exploit publicly released. Connected sources confirm the same description across CNVD, RH, CNNVD/CVELIST variants. No specific affect...

8.1CVSS4.8AI score0.00433EPSS