In SalonERP 3.0.1, a SQL injection vulnerability allows an malicious user to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
salonerp project salonerp 3.0.1 |