High severity8.8NVD Advisory· Published Jan 14, 2022· Updated Jun 17, 2026
CVE-2021-45406
CVE-2021-45406
Description
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- SalonERP/SalonERPdescription
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/50659nvdExploitThird Party AdvisoryVDB Entry
- salonerp.sourceforge.ionvdProductThird Party Advisory
- sourceforge.net/projects/salonerp/files/latest/downloadnvdProductThird Party Advisory
News mentions
0No linked articles in our index yet.