SourceCodester Simple Online Mens Salon Management System SQL Injection
CVE-2023-3987
Key Information:
- Vendor: SourceCodester
- CVE Published: 28 July 2023
Summary
The Simple Online Mens Salon Management System version 1.0 by SourceCodester is vulnerable to SQL injection. The flaw is in an unspecified function within the user management section of the application (/admin/?page=user/manage_user&id=3). By manipulating the 'id' parameter in a crafted HTTP request, an attacker may execute arbitrary SQL commands against the database, thereby compromising sensitive data. The vulnerability can be exploited remotely, so publicly reachable deployments are exposed. The method of attack has been publicly disclosed, which raises the urgency for users to apply the necessary patches or mitigations.
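A defender's check for the request described in the Summary, as an added example that is not part of the original advisory or the vendor's code: it scans web access-log lines for requests to manage_user whose 'id' value is not a plain integer. The integer-only rule, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Page value named in the advisory: /admin/?page=user/manage_user&id=3
VULN_PAGE = "user/manage_user"
# Assumption: a legitimate id is a short decimal integer, as in the advisory's id=3.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_id(target):
    """Return the non-integer id values sent to the manage_user page, if any."""
    parts = urlsplit(target)
    # Only the path given in the advisory is matched (any prefix, then /admin/).
    if not parts.path.rstrip("/").endswith("/admin"):
        return []
    # parse_qs percent-decodes values and keeps every repeated parameter.
    query = parse_qs(parts.query, keep_blank_values=True)
    if VULN_PAGE not in query.get("page", []):
        return []
    return [v for v in query.get("id", []) if not VALID_ID.fullmatch(v)]


def scan(log_lines):
    """Return (line number, client address, offending id values) per flagged line."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        bad = suspicious_id(match.group(1))
        if bad:
            findings.append((number, line.split(" ", 1)[0], bad))
    return findings


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jul/2023:10:00:01 +0000] "GET /admin/?page=user/manage_user&id=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [28/Jul/2023:10:00:09 +0000] "GET /admin/?page=user/manage_user&id=3%20abc HTTP/1.1" 200 310',
    '198.51.100.7 - - [28/Jul/2023:10:00:12 +0000] "GET /admin/?page=user/manage_user&id=3&id=x HTTP/1.1" 200 310',
    '192.0.2.10 - - [28/Jul/2023:10:00:20 +0000] "GET /admin/?page=user/list HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, client, values in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent non-integer id {values!r}")
```

The same integer-only rule can be enforced in front of the application (for example in a reverse proxy or WAF) as a mitigation until the code itself is fixed.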
Affected Version(s)
Simple Online Mens Salon Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved