CVE-2021-44600
HIGHSimple Online Men's Salon Management System 1.0 - SQL Injection via Password Parameter
Title source: llmDescription
The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information about the users of this system.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/MSMS
Scores
CVSS v3
7.5
EPSS
0.0029
EPSS Percentile
52.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (1)
oretnom23/simple_online_men\'s_salon_management_system
1.0
Published
Dec 23, 2021
Tracked Since
Feb 18, 2026