CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5069 – SourceCodester Simple Online Mens Salon Management System view_service.php sql injection
https://notcve.org/view.php?id=CVE-2024-5069
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Mens Salon Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/menxin996/Cvehub/blob/main/Men's%20Salon%20Management%20System%20%20view_service.php%20has%20Sqlinjection.pdf https://vuldb.com/?ctiid.264926 https://vuldb.com/?id.264926 https://vuldb.com/?submit.336842 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3987 – SourceCodester Simple Online Mens Salon Management System sql injection
https://notcve.org/view.php?id=CVE-2023-3987
A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. • https://github.com/draco1725/POC/blob/main/Exploit/Simple%20Online%20Men's%20Salon%20Management%20System/SQL%20Injection https://vuldb.com/?ctiid.235608 https://vuldb.com/?id.235608 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3986 – SourceCodester Simple Online Mens Salon Management System cross site scripting
https://notcve.org/view.php?id=CVE-2023-3986
A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. • https://github.com/draco1725/POC/blob/main/Exploit/Simple%20Online%20Men's%20Salon%20Management%20System/Stored%20XSS https://vuldb.com/?ctiid.235607 https://vuldb.com/?id.235607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •