CVE-2026-26883 - Vulnerability Analysis
Low | CVSS: 2.7 | Last Updated: March 4, 2026
Sourcecodester Simple Online Men's Salon Management System - SQL Injection
Published: March 3, 2026 | Updated: March 4, 2026 | PoC Available | Remote Exploitable
Overview
Sourcecodester Simple Online Men's Salon Management System v1.0 contains a SQL injection vulnerability caused by unsanitized input in /msms/classes/Master.php?f=delete_appointment, which lets attackers execute arbitrary SQL commands remotely. Exploitation requires a crafted request.
Severity & Score
Severity: Low
CVSS Score: 2.7
Impact
Attackers can execute arbitrary SQL commands, potentially leading to data disclosure, modification, or deletion.
Mitigation
Update to the latest version with SQL injection fixes or apply proper input sanitization.
Details
- CVE ID: CVE-2026-26883
- Severity: Low
- CVSS Score: 2.7
- Type: sql_injection
- Status: confirmed
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N