CVE-2025-12325

Name of the Vulnerable Software and Affected Versions SourceCodester Best Salon Management System version 1.0

Description An issue exists in the '/panel/forgot-password.php' file where the manipulation of the email argument allows for remote SQL injection. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to the database.

Recommendations Avoid using the email parameter in the '/panel/forgot-password.php' endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.