PT-2022-12343 · Salonerp · Salonerp

Published: 2022-01-14 · Updated: 2022-01-21 · CVE-2021-45406

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SalonERP version 3.0.1

Description: A SQL injection issue allows an attacker to inject a payload through the sql parameter, which is placed into a SQL query while generating a report. This can lead to the disclosure of the admin login password hash, which can then be cracked offline to recover the plain-text password.

Recommendations: For SalonERP version 3.0.1, as a temporary workaround, restrict access to the report generation feature until a patch is available. Do not pass the sql request parameter into SQL queries, so that the query text is never under the requester's control.
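The root problem described above is that a request parameter supplies the query text itself, so escaping cannot help; the report must be selected by name and any user values bound as parameters. The example below is added here and is not SalonERP code: it shows a hardened report handler that refuses a sql parameter outright and runs only server-defined, parameterized reports, plus a small access-log check that flags requests carrying a sql parameter. The schema, the /report path and the log lines are constructed placeholders.

```python
import sqlite3
import re
from urllib.parse import parse_qs

def make_db():
    """Constructed in-memory stand-in for the application's database (not SalonERP's schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin', '$constructed$hash')")
    db.execute("CREATE TABLE appointments (id INTEGER, day TEXT, amount REAL)")
    db.executemany("INSERT INTO appointments VALUES (?, ?, ?)",
                   [(1, "2022-01-10", 40.0), (2, "2022-01-10", 25.0), (3, "2022-01-11", 60.0)])
    return db

# Hardened design: the client picks a report *name*; the SQL text is fixed server-side
# and user-supplied values reach the engine only as bound parameters.
REPORTS = {
    "daily_revenue": ("SELECT day, SUM(amount) FROM appointments WHERE day = ? GROUP BY day", ["day"]),
}

def generate_report(db, query_string):
    """Run a named report; refuse any request that tries to hand over raw SQL."""
    params = parse_qs(query_string)
    if "sql" in params:
        raise ValueError("raw SQL in the request is not accepted")
    name = params.get("report", [None])[0]
    if name not in REPORTS:
        raise ValueError("unknown report")
    sql, arg_names = REPORTS[name]
    args = [params.get(a, [None])[0] for a in arg_names]
    return db.execute(sql, args).fetchall()

# Detection: flag access-log lines whose request line carries a sql= query parameter.
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP')

def suspicious_report_requests(log_lines):
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if not m or "?" not in m.group(1):
            continue
        if "sql" in parse_qs(m.group(1).split("?", 1)[1]):
            hits.append(line)
    return hits

# Constructed sample log lines; /report is a placeholder path, not the real endpoint.
SAMPLE_LOG = [
    '10.0.0.5 - - [14/Jan/2022:10:00:00 +0000] "GET /report?report=daily_revenue&day=2022-01-10 HTTP/1.1" 200 512',
    '10.0.0.9 - - [14/Jan/2022:10:01:00 +0000] "GET /report?sql=SELECT+password+FROM+users HTTP/1.1" 200 880',
]
```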

Weakness Enumeration

SQL injection

Related Identifiers

CVE-2021-45406

Affected Products

Salonerp