CVE-2025-6861

A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /panel/add_plan.php. The manipulation of the argument plan_name/description/duration_days/price leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mayurik:best_salon_management_system:1.0:*:*:*:*:*:*:*

History

01 Jul 2025, 13:13

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-29 14:15

Updated : 2025-07-01 13:13


NVD link : CVE-2025-6861

Mitre link : CVE-2025-6861

CVE.ORG link : CVE-2025-6861


JSON object : View

Products Affected

mayurik

  • best_salon_management_system
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')