VYPR
Unrated severity · NVD Advisory · Published May 12, 2022 · Updated Aug 3, 2024

CVE-2022-29751

Description

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in Simple Client Management System 1.0 allows remote attackers to extract database information via the id parameter.

Vulnerability

Simple Client Management System 1.0 is vulnerable to SQL injection in the /cms/classes/Master.php?f=delete_client endpoint. The id parameter is not sanitized, allowing an attacker to inject arbitrary SQL queries via a POST request. This affects version 1.0 as distributed by SourceCodester [1].

Exploitation

An attacker must be authenticated as an administrator to reach the vulnerable function. By intercepting the delete request, the attacker can modify the id parameter to include a SQL injection payload, such as 1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+, and send it via POST. The server will execute the injected query and return the result in an error message [1].

Impact

Successful exploitation allows an attacker to extract sensitive information from the database, including the database name, user credentials, and other data. This can lead to further compromise of the application and its data [1].

Mitigation

As of the publication date, no official patch has been released. Developers should sanitize user input in the id parameter, preferably by using prepared statements or parameterized queries. The vendor has not addressed this vulnerability [1].
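The mitigation above, as an added example that is not taken from the advisory or from the application's source: a delete handler written the vulnerable way, next to a hardened version that validates `id` as an integer, binds it as a parameter, and keeps database error text out of the response (the channel the error-based extraction relies on). The function names, the `client_list` table name and the JSON response shape are assumptions made for illustration.

```php
<?php
// Added example. Hypothetical code, not the project's actual Master.php.
// Assumed names: delete_client_*(), table `client_list`, JSON response shape.

// Vulnerable pattern: id is interpolated into the SQL text, and (with mysqli
// exceptions disabled, the default before PHP 8.1) the raw database error
// is returned to the client.
function delete_client_vulnerable(mysqli $conn, array $post): string
{
    $id = $post['id'] ?? '';
    $ok = $conn->query("DELETE FROM `client_list` WHERE id = '{$id}'");
    if ($ok) {
        return json_encode(['status' => 'success']);
    }
    return json_encode(['status' => 'failed', 'error' => $conn->error]);
}

// Hardened pattern: strict integer validation, a bound parameter, and
// database errors written to the server log only.
function delete_client_hardened(mysqli $conn, array $post): string
{
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return json_encode(['status' => 'failed', 'error' => 'Invalid client id.']);
    }
    try {
        $stmt = $conn->prepare('DELETE FROM `client_list` WHERE id = ?');
        if ($stmt === false) {
            throw new RuntimeException($conn->error);
        }
        $stmt->bind_param('i', $id);      // 'i' = bind as integer
        if (!$stmt->execute()) {
            throw new RuntimeException($stmt->error);
        }
        $deleted = $stmt->affected_rows;  // 1 when the row existed
        $stmt->close();
    } catch (Throwable $e) {
        // Covers mysqli_sql_exception (PHP 8.1+ default) and the checks above.
        error_log('delete_client failed: ' . $e->getMessage());
        return json_encode(['status' => 'failed', 'error' => 'Could not delete client.']);
    }
    return json_encode(['status' => $deleted === 1 ? 'success' : 'failed']);
}
```

Binding the parameter removes the injection point; suppressing the error text is a second layer that also limits what any other query in the application can leak.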

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
