CVE-2025-6583
BaseFortify
Publication date: 2025-06-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mayurik | best_salon_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6583 is a critical SQL injection vulnerability in the SourceCodester Best Salon Management System version 1.0. It affects the file /view-appointment.php via the 'viewid' parameter. An authenticated attacker can inject malicious SQL code through this parameter, potentially compromising the database by stealing sensitive information or damaging data. The vulnerability arises from improper neutralization of special characters in the SQL command. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an authenticated attacker to remotely exploit the system to steal sensitive information, alter or delete data, and compromise the confidentiality, integrity, and availability of the affected system. Since the attack can be performed remotely and a public exploit exists, it poses a significant security risk. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable script 'view-appointment.php' and testing the 'viewid' parameter for SQL injection. One approach is to use Google dorking with queries like 'inurl:view-appointment.php' to identify potentially vulnerable targets. For active testing, authenticated users can attempt SQL injection payloads on the 'viewid' parameter to confirm exploitation. Specific commands depend on the tools used, but common methods include using curl or sqlmap with authentication to test the parameter. For example, sqlmap can be used with authentication cookies to test the 'viewid' parameter for injection. [2, 1]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations are currently available for this vulnerability. The suggested immediate step is to replace the affected product with an alternative that is not vulnerable. Additionally, restricting access to the affected script and monitoring for suspicious activity may help reduce risk until a fix or patch is available. [2]