
CVSS: 6.5 | EPSS: 4% | CPEs: 1 | EXPL: 3

SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
• https://github.com/BigTiger2020/Beauty-Parlour-Management-System
• https://packetstormsecurity.com/files/161468/Beauty-Parlour-Management-System-1.0-Cross-Site-Scripting.html
• https://www.exploit-db.com/exploits/49580
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter.
• https://github.com/BigTiger2020/Beauty-Parlour-Management-System
• https://packetstormsecurity.com/files/161468/Beauty-Parlour-Management-System-1.0-Cross-Site-Scripting.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')