Pet Grooming Management Software
File and directory information exposure in SourceCodester Pet Grooming Management Software 1.0 allows remote unauthenticated attackers to enumerate internal file and directory structures via the /admin/ endpoint. The root cause is CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory, previously titled File and Directory Information Exposure), and a proof-of-concept exploit has been publicly released on GitHub. The issue is not listed in CISA KEV and its direct impact is limited to a low confidentiality loss, but it needs no authentication and the public PoC makes it trivial to reproduce; the script names it reveals also give an attacker a map of the admin area that makes the other issues on this page easier to locate. To verify, send an unauthenticated GET to /admin/ and look for a web-server directory index in the response. Disabling directory indexing on the web server (Options -Indexes for Apache, autoindex off for nginx) closes the listing, though any individual script it exposed remains reachable by path.
Improper authorization in SourceCodester Pet Grooming Management Software 1.0 allows authenticated remote attackers to reach the Financial Report Page without the role it is meant to require, potentially viewing or modifying sensitive financial data. Public exploit code exists for this vulnerability and no patch is currently available, leaving affected installations at risk of information disclosure and data manipulation. Because any authenticated account, not just an administrative one, is enough, every low-privilege login on an installation is a viable starting point.
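The missing control is a server-side role check on the privileged page itself. The following is an added example of such a deny-by-default gate, written for this page and not taken from the project's code; the session layout ($_SESSION['user_id'] and $_SESSION['role'] set at login), the role names 'admin' and 'accountant', the login path and the audit_log() helper are all assumptions.

```php
<?php
// Added example, not the project's code: a deny-by-default authorization
// gate for a privileged page such as the financial report. Assumptions
// (hypothetical): login stores the user's id and role in $_SESSION, roles are
// the strings 'admin' and 'accountant', and this block sits at the top of
// financial_report.php before any output is sent.
declare(strict_types=1);
session_start();

// Vulnerable shape this replaces: the page checked only that a session
// existed (or checked nothing), so any logged-in account could open it.

function audit_log(string $event): void
{
    // Goes to the web server's error log; swap for the app's own logger.
    error_log(sprintf('[%s] authz %s ip=%s uri=%s',
        date('c'), $event, $_SERVER['REMOTE_ADDR'] ?? '-', $_SERVER['REQUEST_URI'] ?? '-'));
}

// The role comes from the server-side session written at login, never from
// a request parameter, cookie or hidden form field the client controls.
function current_role(): ?string
{
    if (!isset($_SESSION['user_id'], $_SESSION['role'])) {
        return null;
    }
    return is_string($_SESSION['role']) ? $_SESSION['role'] : null;
}

function require_role(array $allowed): void
{
    $role = current_role();
    if ($role === null) {
        audit_log('denied: unauthenticated');
        header('Location: /pet_grooming/login.php'); // hypothetical login path
        exit;
    }
    if (!in_array($role, $allowed, true)) {
        audit_log("denied: role=$role user={$_SESSION['user_id']}");
        http_response_code(403);
        exit('Forbidden');
    }
}

// financial_report.php: readers need one of the listed roles on every
// request; hiding the menu link is not authorization.
require_role(['admin', 'accountant']);

// Writes (editing or deleting report rows) are gated separately and more
// tightly than reads.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    require_role(['admin']);
}
// ... render the report ...
```

The check runs on every request to the page, before any data is fetched, and fails closed when the session is missing or the role value is not a string. The same require_role() call belongs at the top of every admin script, not only the ones the menu links to.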
The change-password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF). It is rated medium severity (CVSS 6.5): remotely exploitable with low attack complexity and no authentication required on the attacker's side, although the attack depends on a logged-in administrator visiting attacker-controlled content, at which point the forged request changes the password without the victim's knowledge. Public exploit code is available and no vendor patch is available.
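The standard fix is a per-session synchronizer token checked on every state-changing request, backed by re-authentication for a credential change. The following is an added example of a hardened change_pass.php, written for this page and not the project's code; it assumes (hypothetically) that the app's config include defines a PDO handle $pdo, that the users table has columns id and password holding password_hash() output, and that the logged-in user's id is in $_SESSION['user_id'].

```php
<?php
// Added example, not the project's code: a CSRF-hardened change_pass.php.
// Assumptions (hypothetical): $pdo is a PDO handle created by the app's
// config include, the users table has columns id and password (hashes from
// password_hash), and the logged-in user's id is in $_SESSION['user_id'].
declare(strict_types=1);

// Defence in depth: SameSite cookies stop most cross-site form posts before
// the token check even runs (array form needs PHP >= 7.3).
session_set_cookie_params([
    'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
]);
session_start();
require_once __DIR__ . '/../config.php'; // hypothetical: defines $pdo

// Vulnerable shape this replaces: the handler read $_POST['new_password']
// and updated the row with no token and no current-password check, so a
// form auto-submitted from another site changed the admin password.

// One unguessable token per session, embedded in every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; missing or non-string input is rejected.
function csrf_valid($submitted): bool
{
    return isset($_SESSION['csrf_token'])
        && is_string($submitted)
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

function verify_current_password(PDO $pdo, int $userId, string $candidate): bool
{
    $stmt = $pdo->prepare('SELECT password FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($candidate, $hash);
}

function update_password(PDO $pdo, int $userId, string $new): void
{
    $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
    $stmt->execute([password_hash($new, PASSWORD_DEFAULT), $userId]);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!isset($_SESSION['user_id'])) {
        http_response_code(401);
        exit('Login required');
    }
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $userId = (int) $_SESSION['user_id'];
    // Re-authentication: a forged request cannot carry a secret the
    // attacker does not have, even if the token check were ever bypassed.
    if (!verify_current_password($pdo, $userId, (string) ($_POST['current_password'] ?? ''))) {
        http_response_code(403);
        exit('Current password incorrect');
    }
    $new = (string) ($_POST['new_password'] ?? '');
    if (strlen($new) < 12 || $new !== ($_POST['confirm_password'] ?? '')) {
        http_response_code(400);
        exit('New password too short or confirmation mismatch');
    }
    update_password($pdo, $userId, $new);
    session_regenerate_id(true); // rotate the session id after a credential change
    exit('Password changed');
}
?>
<form method="post" action="change_pass.php">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="password" name="current_password" placeholder="Current password">
  <input type="password" name="new_password" placeholder="New password">
  <input type="password" name="confirm_password" placeholder="Confirm new password">
  <button type="submit">Change password</button>
</form>
```

The token is compared with hash_equals() so timing does not leak it, the handler refuses GET for the state change, and the current-password requirement means the public CSRF PoC fails even against a browser that ignores SameSite. The same csrf_token()/csrf_valid() pair should be applied to every other POST handler in the admin area.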
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Scripting (XSS) via the Customer Name field in the Customer Management section: markup submitted in that field is rendered back into the page without output encoding, so it executes in the browser of whoever views the customer record.
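The fix is to encode the value at every point of output, with the encoding chosen for the context it lands in. The following is an added example written for this page, not the project's code; the $customer array is a constructed sample carrying a typical probe payload, and the template fragments and field names are assumptions.

```php
<?php
// Added example, not the project's code: context-aware output encoding for
// a stored value such as the customer name. $customer is a constructed
// sample holding a typical probe payload; template and field names are
// assumptions.
declare(strict_types=1);

// Encode for HTML text and attribute contexts. ENT_QUOTES covers both quote
// styles so the value is safe inside a quoted attribute; ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of silently returning an empty string.
function e(?string $s): string
{
    return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Encode for a JavaScript literal inside <script>. The HEX flags escape
// < > & ' " so a value containing "</script>" cannot close the block.
function js($v): string
{
    return json_encode($v, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// Constructed sample: what an attacker would store via the Customer Name field.
$customer = ['id' => 7, 'name' => '"><img src=x onerror=alert(document.cookie)>'];

// Vulnerable shape this replaces (do not use):
//   echo '<td>' . $row['name'] . '</td>';
//   echo '<input value="' . $row['name'] . '">';
?>
<table>
  <tr><td><?= e($customer['name']) ?></td></tr>
</table>
<input type="text" name="name" value="<?= e($customer['name']) ?>">
<a href="customer_view.php?id=<?= (int) $customer['id'] ?>">view</a>
<script>
  // The whole record is JSON-encoded once; the name is then plain data to
  // the script rather than markup.
  var customer = <?= js($customer) ?>;
  document.title = 'Customer: ' + customer.name;
</script>
```

With the sample payload, the table cell renders the literal text of the probe, the attribute value stays inside its quotes, and the script receives a JSON string with the angle brackets and quotes hex-escaped. Encoding belongs at output, not at input: the stored name is kept verbatim so it is also correct in exports, emails or a JSON API that encode differently. A Content-Security-Policy that disallows inline scripts is a useful second layer but would also block the inline block above, so it has to be combined with moving page scripts to external files.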
Another vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. It is rated medium severity (CVSS 5.3): remotely exploitable, low attack complexity, no authentication required. Public exploit code is available and no vendor patch is available.