CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-45406

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 75.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://salonerp.sourceforge.io/
https://sourceforge.net/projects/salonerp/files/latest/download
https://www.exploit-db.com/exploits/50659
https://salonerp.sourceforge.io/
https://sourceforge.net/projects/salonerp/files/latest/download
https://www.exploit-db.com/exploits/50659

Products affected by CVE-2021-45406

Salonerp Project » Salonerp » Version: 3.0.1

cpe:2.3:a:salonerp_project:salonerp:3.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-45406

Products

Pricing

Contact Us