Volerion logoVolerion
Volerion logoVolerion

Projectworlds Life Insurance Management System SQL Injection Vulnerability in insertClient.php

Vulnerability

A critical SQL injection vulnerability has been identified in Projectworlds Life Insurance Management System version 1.0. The issue resides in the file insertClient.php, where the client_id parameter can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely, potentially affecting other parameters as well.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to the insertClient.php file with a crafted client_id parameter that includes SQL injection payloads. The injection point can be verified by observing the application's response, which may indicate successful exploitation, such as returning database information or application data that should not be accessible.

Added: Jun 16, 2025, 7:27 PM
Updated: Jun 16, 2025, 7:27 PM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
3.1
exploitability
9.1
remediation
0.0
relevance
0.2
threat
6.4
urgency
2.9
incentive
10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.