CVE-2023-7138

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Dec 28, 2023
Updated: Mar 21, 2024
CWE ID 89

Summary

CVE-2023-7138 is a critical vulnerability found in code-projects Client Details System 1.0, specifically in the HTTP POST Request Handler component's /admin file. This vulnerability allows for SQL injection through manipulation of the username argument. It has been disclosed to the public, increasing the risk of exploitation. The vulnerability has a CVSS v3.1 base score of 6.3, indicating a medium severity level. No privileges are required for exploitation, and there is no user interaction required. The attack vector is an adjacent network, and the impact on integrity and confidentiality is low. Remediation measures should be taken promptly to address this vulnerability and mitigate potential harm to organizations using the affected software.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-7138 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options