CVE-2024-39658SQL Injection in Salon Booking System

CWE-89SQL Injection3 documents3 sources
Severity
7.2HIGHNVD
CNA7.6
EPSS
0.8%
top 26.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Salonbookingsystem Salon Booking SystemSalon Booking System
Timeline
PublishedAug 29

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.This issue affects Salon booking system: from n/a through 10.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
WordPress Salon Booking System plugin <= 10.7 - Authenticated SQL Injection vulnerability2024-08-29
GHSA
GHSA-992c-4m5h-875p: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows2024-08-29
CVE-2024-39658 — SQL Injection in Salon Booking System | cvebase