Salonerp Project Salonerp — known CVE vulnerabilities
Every CVE whose affected-product data names Salonerp Project Salonerp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-45406 — CVSS 8.8 (high): In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a…
CVE-2022-42753 — CVSS 6.1 (medium): SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does…