Mayurik Best Salon Management System

SourceCodester BSMS 1.0 Admin Profile XSS via Admin Name
CVE-2025-7144 4.8 - Medium - July 07, 2025

A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /panel/admin-profile.php of the component Admin Profile Page. The manipulation of the argument Admin Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

XSS

SourceCodester Best Salon Management System 1.0 XSS via Tax Name in Update Tax
CVE-2025-7143 5.4 - Medium - July 07, 2025

A vulnerability, which was classified as problematic, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/edit-tax.php of the component Update Tax Page. The manipulation of the argument Tax Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

XSS

XSS in SourceCodester Best Salon Mgmt System 1.0 /panel/search-appointment.php
CVE-2025-7142 5.4 - Medium - July 07, 2025

A vulnerability, which was classified as problematic, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/search-appointment.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

XSS

SourceCodester Best Salon Mmgt Sys 1.0 - Remote XSS in Update Staff (edit_plan.php)
CVE-2025-7141 5.4 - Medium - July 07, 2025

A vulnerability classified as problematic was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /panel/edit_plan.php of the component Update Staff Page. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

XSS

XSS in SourceCodester Best Salon Mgmt 1.0 edit-staff.php
CVE-2025-7140 5.4 - Medium - July 07, 2025

A vulnerability classified as problematic has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-staff.php of the component Update Staff Page. The manipulation of the argument Staff Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

XSS

SourceCodester Best Salon Mgmt Sys 1.0: RSQLi via adminname in /panel/admin-profile.php
CVE-2025-7138 8.8 - High - July 07, 2025

A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /panel/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

XSS in Best Salon Management System 1.0 Update Customer Details Page
CVE-2025-7139 5.4 - Medium - July 07, 2025

A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /panel/edit-customer-detailed.php of the component Update Customer Details Page. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Critical SQLi in SourceCodester Best Salon Mgmt Sys 1.0 /panel/schedule-staff.php
CVE-2025-7137 8.8 - High - July 07, 2025

A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /panel/schedule-staff.php. The manipulation of the argument staff_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

Critical SQLI in edit-tax.php of SourceCodester Best Salon Management System 1.0
CVE-2025-6880 8.8 - High - June 30, 2025

A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-tax.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

Critical SQLi in Best Salon Management System 1.0 via add-tax.php
CVE-2025-6879 8.8 - High - June 30, 2025

A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /panel/add-tax.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

Critical SQLi in SourceCodester Best Salon Mgmt Sys 1.0 - /panel/search-appointment.php
CVE-2025-6878 8.8 - High - June 30, 2025

A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /panel/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

Critical SQLi in SourceCodester BSMS 1.0 via editid in panel/edit-category.php
CVE-2025-6877 8.8 - High - June 30, 2025

A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /panel/edit-category.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi in SC Best Salon Management System 1.0 /panel/edit-subscription.php
CVE-2025-6875 8.8 - High - June 29, 2025

A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /panel/edit-subscription.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SourceCodester Best Salon Mgmt 1.0 SQLi via /panel/add-category.php
CVE-2025-6876 8.8 - High - June 29, 2025

A vulnerability was found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /panel/add-category.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SourceCodester Best Salon Management System 1.0 SQLi via add_subscribe.php
CVE-2025-6874 8.8 - High - June 29, 2025

A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/add_subscribe.php. The manipulation of the argument user_id/plan_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi in SourceCodester Best Salon Management System 1.0 – edit_plan.php via editid (Remote)
CVE-2025-6862 8.8 - High - June 29, 2025

A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit_plan.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi in SourceCodester Best Salon Mgmt Sys 1.0 via /panel/add_plan.php
CVE-2025-6861 8.8 - High - June 29, 2025

A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /panel/add_plan.php. The manipulation of the argument plan_name/description/duration_days/price leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SourceCodester Best Salon Management System 1.0 Critical SQLi in pro_sale.php
CVE-2025-6859 8.8 - High - June 29, 2025

A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /panel/pro_sale.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SourceCodester Best Salon Management Sys 1.0 SQLi in staff_commision.php
CVE-2025-6860 8.8 - High - June 29, 2025

A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /panel/staff_commision.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi in SC Best Salon Mgmt Sys 1.0 via bwdates-reports-details.php
CVE-2025-6609 8.8 - High - June 25, 2025

A vulnerability was found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /panel/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SourceCodester BSM 1.0 SQLi via /panel/edit-services.php
CVE-2025-6608 8.8 - High - June 25, 2025

A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /panel/edit-services.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

Critical SQLi in SourceCodester Best Salon MGMT 1.0 /panel/edit-staff.php
CVE-2025-6605 8.8 - High - June 25, 2025

A vulnerability classified as critical was found in SourceCodester Best Salon Management System 1.0. This vulnerability affects unknown code of the file /panel/edit-staff.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SourceCodester Best Salon Mgmt Sys 1.0 SQLi via add-services.php
CVE-2025-6606 8.8 - High - June 25, 2025

A vulnerability, which was classified as critical, has been found in SourceCodester Best Salon Management System 1.0. This issue affects some unknown processing of the file /panel/add-services.php. The manipulation of the argument Type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SC Best Salon Eng. 1.0: Remote SQLi via /panel/stock.php ID
CVE-2025-6607 8.8 - High - June 25, 2025

A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/stock.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi in SourceCodester Best Salon Mgmt Sys 1.0 /panel/add-staff.php
CVE-2025-6604 8.8 - High - June 25, 2025

A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add-staff.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SourceCodester Best Salon Mgt Sys 1.0 - SQLi via editid in /edit-cust-dtl.php
CVE-2025-6582 8.8 - High - June 25, 2025

A vulnerability, which was classified as critical, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /edit-customer-detailed.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

Critical SQLi in SourceCodester Best Salon Management System 1.0 /view-appointment.php
CVE-2025-6583 8.8 - High - June 25, 2025

A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /view-appointment.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

Critical SQLi in SourceCodester Best Salon Mgmt 1.0 /add-customer.php
CVE-2025-6581 8.8 - High - June 24, 2025

A vulnerability classified as critical was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-customer.php. The manipulation of the argument name/email/mobilenum/gender/details/dob/marriage_date leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi in SourceCodester Best Salon Management 1.0 Login
CVE-2025-6580 9.8 - Critical - June 24, 2025

A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the component Login. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection