CVE-2021-45406

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password.
References
Link Resource
https://salonerp.sourceforge.io/ Product Third Party Advisory
https://www.exploit-db.com/exploits/50659 Exploit Third Party Advisory
https://sourceforge.net/projects/salonerp/files/latest/download Product Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:salonerp_project:salonerp:3.0.1:*:*:*:*:*:*:*

Information

Published : 2022-01-14 08:15

Updated : 2022-01-21 07:38


NVD link : CVE-2021-45406

Mitre link : CVE-2021-45406

Products Affected
No products.
CWE