SQL Injection vulnerability in “B/W Dates Reports” page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via “todate” and “fromdate” parameters.
[
{
"cpes": [
"cpe:2.3:a:phpgurukul:client_management_system:-:*:*:*:*:*:*:*"
],
"vendor": "phpgurukul",
"product": "client_management_system",
"versions": [
{
"status": "affected",
"version": "1.0"
}
],
"defaultStatus": "unknown"
}
]