Complete Online Beauty Parlor Management System
Monthly
Stored or reflected cross-site scripting (XSS) in Campcodes Complete Online Beauty Parlor Management System 1.0 allows high-privileged authenticated users to inject malicious scripts via the fromdate parameter in /admin/bwdates-reports-details.php, potentially compromising admin sessions or stealing sensitive data. Public exploit code exists, but exploitation requires admin-level privileges and user interaction (likely clicking a malicious link), limiting real-world attack surface despite CVSS 1.9 indicating minimal risk.
A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Stored or reflected cross-site scripting (XSS) in Campcodes Complete Online Beauty Parlor Management System 1.0 allows high-privileged authenticated users to inject malicious scripts via the fromdate parameter in /admin/bwdates-reports-details.php, potentially compromising admin sessions or stealing sensitive data. Public exploit code exists, but exploitation requires admin-level privileges and user interaction (likely clicking a malicious link), limiting real-world attack surface despite CVSS 1.9 indicating minimal risk.
A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.