CVE Details
Basic Information
| Title | Campcodes Beauty Salon Management System edit_product.php sql injection |
|---|---|
| Type | cve |
| Published | 2023-07-21T02:31:03.744Z |
| Modified | 2024-08-02T07:08:50.324Z |
Product Information
| Vendor | Campcodes |
|---|---|
| Product | Beauty Salon Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
AI Analysis
| AI Description | A SQL injection vulnerability exists in the edit_product.php file of Campcodes Beauty Salon Management System version 1.0. This vulnerability allows remote attackers to inject malicious SQL code by manipulating the ‘id’ argument, potentially leading to unauthorized data access or modification. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Campcodes |
| AI Product | Beauty Salon Management System |
| AI Version | 1.0 |
Affected Products
- Campcodes Beauty Salon Management System 1.0
Additional Information
| CWE List | CWE-89 |
|---|---|
| Source | VulDB |
Description
A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235075.