PT-2021-24139 · Unknown · Simple Online Mens Salon Management System

Published: 2021-12-23 · Updated: 2025-02-11 · CVE-2021-44600

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Simple Online Mens Salon Management System (MSMS) version 1.0
Description: The password parameter appears to be vulnerable to SQL injection, allowing an attacker to retrieve all authentication data and other information about the users of this system. During predictive testing, the application interacted with the domain, indicating that the injected SQL query was executed.
Recommendations: For Simple Online Mens Salon Management System (MSMS) version 1.0, consider disabling the password parameter until a patch is available to prevent SQL injection attacks. Restrict access to sensitive user information to minimize the risk of exploitation. Avoid using the password parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2021-44600

Affected Products

Simple Online Mens Salon Management System