CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3884 – Campcodes Beauty Salon Management System edit_product.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-3884
A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Beauty%20Salon%20Management%20System/Beauty%20Salon%20Management%20System%20-%20vuln%2016.pdf https://vuldb.com/?ctiid.235246 https://vuldb.com/?id.235246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3883 – Campcodes Beauty Salon Management System add-category.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-3883
A vulnerability, which was classified as problematic, was found in Campcodes Beauty Salon Management System 1.0. This affects an unknown part of the file /admin/add-category.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Beauty%20Salon%20Management%20System/Beauty%20Salon%20Management%20System%20-%20vuln%2015.pdf https://vuldb.com/?ctiid.235245 https://vuldb.com/?id.235245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3882 – Campcodes Beauty Salon Management System edit-accepted-appointment.php sql injection
https://notcve.org/view.php?id=CVE-2023-3882
A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-accepted-appointment.php. The manipulation of the argument contactno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Beauty%20Salon%20Management%20System/Beauty%20Salon%20Management%20System%20-%20vuln%2014.pdf https://vuldb.com/?ctiid.235244 https://vuldb.com/?id.235244 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3881 – Campcodes Beauty Salon Management System forgot-password.php sql injection
https://notcve.org/view.php?id=CVE-2023-3881
A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Beauty%20Salon%20Management%20System/Beauty%20Salon%20Management%20System%20-%20vuln%2013.pdf https://vuldb.com/?ctiid.235243 https://vuldb.com/?id.235243 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3880 – Campcodes Beauty Salon Management System del_service.php sql injection
https://notcve.org/view.php?id=CVE-2023-3880
A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file /admin/del_service.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Beauty%20Salon%20Management%20System/Beauty%20Salon%20Management%20System%20-%20vuln%2012.pdf https://vuldb.com/?ctiid.235242 https://vuldb.com/?id.235242 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •