← voltar
CVE-2021-45406

CVE-2021-45406

EPSS 1.8%
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://salonerp.sourceforge.io/https://sourceforge.net/projects/salonerp/files/latest/downloadhttps://www.exploit-db.com/exploits/50659