CVE-2026-26885
SQL Injection in Simple Online Men's Salon Management System
Publication date: 2026-03-03
Last updated on: 2026-03-04
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oretnom23 | simple_online_men's_salon_management_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the SQL injection flaw in the POST request parameter `id` at the endpoint `/msms/classes/Master.php?f=delete_service`.
A typical detection method involves sending a crafted POST request with a payload designed to trigger an SQL error or reveal database information.
- Use a command-line tool like curl to send a POST request with an injection payload, for example:
  `curl -X POST 'http://target/msms/classes/Master.php?f=delete_service' -d "id=3' and updatexml(1,concat(0x7e,database(),0x7e),1)#" -H "Cookie: PHPSESSID=your_session_id"`
If the response contains database error messages or reveals the database name (e.g., `msms_db`), it confirms the presence of the SQL injection vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include sanitizing and validating all user inputs, especially the `id` parameter in the `delete_service` function.
Implement prepared statements or parameterized queries to prevent SQL injection.
Restrict access to the vulnerable endpoint to authenticated and authorized users only.
Monitor logs for suspicious POST requests to `/msms/classes/Master.php?f=delete_service` and block or alert on malicious patterns.
If possible, apply patches or updates from the vendor or source to fix the vulnerability.
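The log-monitoring step above, as an added example that is not part of the original page or the vendor's code: it flags POSTs to `delete_service` whose `id` is not a single plain integer. The JSON-lines log format with a captured request body, its field names, and the premise that service IDs are numeric are assumptions; the sample records are constructed.

```python
import json
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/msms/classes/Master.php"

# Constructed sample records. Assumed format: one JSON object per request, as a
# reverse proxy or WAF audit log that captures POST bodies might emit.
SAMPLE_LOG = """\
{"src":"192.0.2.10","method":"POST","uri":"/msms/classes/Master.php?f=delete_service","body":"id=3"}
{"src":"192.0.2.44","method":"POST","uri":"/msms/classes/Master.php?f=delete_service","body":"id=3%27+and+updatexml%281%2Cconcat%280x7e%2Cdatabase%28%29%2C0x7e%29%2C1%29%23"}
{"src":"192.0.2.10","method":"POST","uri":"/msms/classes/Master.php?f=some_other_action","body":"id=abc"}
{"src":"192.0.2.44","method":"POST","uri":"/msms/classes/Master.php?f=delete_service","body":"name=x"}
not-json garbage line
"""


def suspicious_delete_requests(log_text):
    """Return (src, decoded id, reason) for delete_service POSTs with a bad id."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a request record
        if not isinstance(rec, dict):
            continue
        url = urlsplit(str(rec.get("uri", "")))
        action = parse_qs(url.query).get("f", [""])[0]
        if rec.get("method") != "POST" or url.path != ENDPOINT or action != "delete_service":
            continue
        # Allowlist check: exactly one id, ASCII digits only, after URL-decoding.
        ids = parse_qs(str(rec.get("body", "")), keep_blank_values=True).get("id", [])
        if len(ids) != 1:
            findings.append((rec.get("src"), None, "missing or repeated id"))
        elif not (ids[0].isascii() and ids[0].isdigit()):
            findings.append((rec.get("src"), ids[0], "non-numeric id"))
    return findings


if __name__ == "__main__":
    for src, value, reason in suspicious_delete_requests(SAMPLE_LOG):
        print(f"ALERT {src}: {reason}: {value!r}")
```

Matching on the expected shape of `id` rather than on known payload strings means encoded or obfuscated variants are still flagged.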
Can you explain this vulnerability to me?
CVE-2026-26885 is an SQL injection vulnerability in the Simple Online Men's Salon Management System v1.0 by Sourcecodester. It exists in the `delete_service` function located in the file `/msms/classes/Master.php`. The vulnerability occurs because the application does not properly sanitize or parameterize the `id` parameter received via a POST request.
An attacker can exploit this flaw by injecting malicious SQL code through the `id` parameter. For example, using a payload like `id=3' and updatexml(1,concat(0x7e,database(),0x7e),1)#` allows the attacker to trigger an error-based SQL injection that reveals the current database name.
This vulnerability enables unauthorized disclosure of database information and can be exploited within an authenticated session. [1]
How can this vulnerability impact me?
This SQL injection vulnerability can lead to unauthorized disclosure of sensitive database information, such as the database name and potentially other data stored within the database.
Exploitation of this flaw may allow attackers to gain deeper access to the system, manipulate or delete data, and potentially compromise the integrity and confidentiality of the application's data.
Since the attack can be performed within an authenticated session, it increases the risk of insider threats or session hijacking leading to further exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know