Simple Client Management System is a simple client management system from Carlo Montero’s personal developer. version 1.0 of Simple Client Management System is vulnerable to SQL injection, which originates from a vulnerability in /cms/classes/Master. php?f=delete_invoice, the id parameter of the post request lacks validation for external input SQL statements, which can be exploited to execute illegal SQL commands to steal sensitive database data.