CVE Details
Basic Information
| Title | Projectworlds Life Insurance Management System insertClient.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-16T18:31:04.855Z |
| Last Seen |
Product Information
| Vendor | Projectworlds |
|---|---|
| Product | Life Insurance Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A SQL injection vulnerability exists in the client_id argument of insertClient.php in Projectworlds Life Insurance Management System 1.0. This allows remote attackers to execute arbitrary SQL commands, potentially leading to data breaches or system compromise. |
|---|---|
| AI Severity | High |
| Vendor | Projectworlds |
| Product | Life Insurance Management System |
| Affected Version | 1.0 |
Affected Products
- Projectworlds Life Insurance Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
- https://vuldb.com/?id.312603
- https://vuldb.com/?ctiid.312603
- https://vuldb.com/?submit.592839
- https://github.com/YZS17/CVE/blob/main/Life_Insurance_Management_System/sqli_insertClient_client_id.md
- https://github.com/YZS17/CVE/blob/main/Life_Insurance_Management_System/sqli_insertClient_client_id.md#poc
Description
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /insertClient.php. The manipulation of the argument client_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.