← back
CVE-2021-45406

CVE-2021-45406

EPSS 1.8%
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://salonerp.sourceforge.io/https://sourceforge.net/projects/salonerp/files/latest/downloadhttps://www.exploit-db.com/exploits/50659