2 matches found
CVE-2021-45406
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...
CVE-2021-45406
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payloads via the 'sql' parameter during report generation. This can lead to exposure of the admin password hash, which reportedly can be decrypted to obtain the plaintext password. No explicit fix is provided in the sup...