CVE Details
Basic Information
| Title | Campcodes Complete Online Beauty Parlor Management System forgot-password.php sql injection |
|---|---|
| Type | cve |
| Published | 2024-03-21T21:00:09.199Z |
| Modified | 2024-08-01T19:25:41.544Z |
Product Information
| Vendor | Campcodes |
|---|---|
| Product | Complete Online Beauty Parlor Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
AI Analysis
| AI Description | A SQL injection vulnerability in the forgot-password.php file of Campcodes’ Complete Online Beauty Parlor Management System allows remote attackers to manipulate the email argument, potentially leading to unauthorized access. The exploit is publicly disclosed, increasing the risk of exploitation. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Campcodes |
| AI Product | Complete Online Beauty Parlor Management System |
| AI Version | 1.0 |
Affected Products
- Campcodes Complete Online Beauty Parlor Management System 1.0
Additional Information
| CWE List | CWE-89 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257603.