2022-01-14 19:25:16
mitre
PUBLISHED
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using sql parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password.