8 matches found
CVE-2024-5069
The CVE-2024-5069 vulnerability affects SourceCodester Simple Online Mens Salon Management System 1.0, specifically the view_service.php file. Affected functionality allows manipulation of the id argument, leading to SQL injection . The issue can be exploited remotely, and the vulnerability has b...
CVE-2023-3987
CVE-2023-3987 affects SourceCodester Simple Online Mens Salon Management System 1.0. The vulnerability is a SQL injection in the file path /admin/?page=user/manage_user&id=3 (parameter id) that can be manipulated remotely. Multiple sources confirm an exploitation vector and public disclosure of t...
CVE-2021-44600
The CVE-2021-44600 entry concerns Simple Online Mens Salon Management System (MSMS) 1.0, where the password parameter is vulnerable to SQL injection. Connected sources (PT-2021-24139) provide concrete details: the vulnerability resides in the password parameter and can allow an attacker to retrie...
CVE-2023-3986
SourceCodester Simple Online Mens Salon Management System v1.0 exposes a cross-site scripting vulnerability in the /admin/?page=user/list endpoint. The issue arises from unsafely handling the First Name/Last Name/Username fields, allowing an attacker to inject script. The vulnerability is potenti...
CVE-2026-26884
The CVE describes a SQL Injection vulnerability in Sourcecodester Online Men’s Salon Management System v1.0, specifically affecting the PHP endpoint /msms/admin/appointments/view_appointment.php. The affected component is the appointments view logic, with the root cause identified as an injection...
CVE-2026-26885
CVE-2026-26885 affects the Sourcecodester Online Men's Salon Management System v1.0. The vulnerability is an SQL Injection in the endpoint /classes/Master.php?f=delete_service, caused by unsafe SQL handling in the related function. The impact is described as low with no user interaction required,...
CVE-2026-26883
CVE-2026-26883 affects Sourcecodester Online Men’s Salon Management System v1.0. Affected component: SQL injection vulnerability in /msms/classes/Master.php?f=delete_appointment due to unsanitized input. Reported across multiple sources (NVD, Red Hat, CVE List, etc.). CVSS v3.1 vector: AV:N/AC:L/...
CVE-2026-26886
CVE-2026-26886 affects Sourcecodester Online Men’s Salon Management System v1.0. The vulnerability is a SQL Injection in the admin path /admin/services/manage_service.php, caused by unsanitized input that allows injection into SQL queries. Multiple sources (Red Hat, NVD, CVE list, Attackerkb, CVE...