Online Beauty Parlor Management System
A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. It affects unspecified code in the file /admin/search-invoices.php: manipulating the searchdata argument can lead to cross-site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.
SQL injection in Campcodes Online Beauty Parlor Management System 1.0 allows high-privileged attackers to manipulate the searchdata parameter in /admin/search-appointment.php, enabling arbitrary database queries with limited confidentiality and integrity impact. The vulnerability requires administrative privileges to exploit and has a publicly disclosed proof-of-concept, though real-world exploitation risk is minimal given the EPSS score of 0.01% and the requirement for high-privilege access.
SQL injection in Campcodes Online Beauty Parlor Management System 1.0 allows authenticated high-privilege administrators to execute arbitrary SQL queries via the sername parameter in /admin/manage-services.php. The vulnerability requires high administrative privileges and has publicly available exploit code, though real-world impact is limited by its requirement for already-compromised admin accounts with no lateral movement or privilege escalation capability.