CVE-2025-6580

Published Jun 24, 2025

Last updated 22 days ago

CVSS medium 6.9

Overview

Description: A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the component Login. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Source: cna@vuldb.com
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 6.9
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

CVSS 3.1

Type: Secondary
Base score: 7.3
Impact score: 3.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: HIGH

CVSS 2.0

Type: Secondary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

cna@vuldb.com: CWE-74

Hype score: Not currently trending

CVE-2025-6580 A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the component Login. The ma… https://t.co/xrFFfna2UF
@CVEnew
24 Jun 2025
781 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

References

Sources include official advisories and independent security research.