Vulnerability Details CVE-2021-27545
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 73.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://github.com/BigTiger2020/Beauty-Parlour-Management-System
- https://packetstormsecurity.com/files/161468/Beauty-Parlour-Management-System-1.0-Cross-Site-Scripting.html
- https://www.exploit-db.com/exploits/49580
- https://github.com/BigTiger2020/Beauty-Parlour-Management-System
- https://packetstormsecurity.com/files/161468/Beauty-Parlour-Management-System-1.0-Cross-Site-Scripting.html
- https://www.exploit-db.com/exploits/49580
Products affected by CVE-2021-27545
-
cpe:2.3:a:phpgurukul:beauty_parlour_management_system:1.0