Impact
Sourcecodester Online Men's Salon Management System version 1.0 has an input validation flaw in the admin/services/manage_service.php page that allows malicious SQL commands to be injected into the database engine. The vulnerability can lead to unauthorized reading, modification, or deletion of records, potentially exposing sensitive customer data or disrupting business operations. It is a classic example of a CWE‑89 (SQL Injection) weakness, in which a query is constructed from input that has not been sanitized.
Affected Systems
The affected product is the Sourcecodester Online Men's Salon Management System, released as version 1.0. The flaw resides in the administrative service management interface, specifically the manage_service.php script. No other products or versions are mentioned in the data.
Risk and Exploitability
The CVSS score of 2.7 indicates low overall risk, and the EPSS score of less than 1% shows a very low probability of exploitation at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation. Based on the description, the likely attack vector requires access to the admin-protected endpoint, implying that an attacker would need valid credentials or a session with administrator privileges to exploit the flaw. Once authenticated, an attacker could execute arbitrary SQL queries against the underlying database, affecting the confidentiality and integrity of the management system's data.
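The CWE‑89 pattern described under Impact, shown beside its corrected form, as an added example that is not code from the affected product. The table, column and parameter names are hypothetical, and an in-memory SQLite database (PDO with the pdo_sqlite extension) stands in for the application's database.

```php
<?php
// Added example: names below are hypothetical, not taken from manage_service.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE services (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
// Constructed sample rows.
$db->exec("INSERT INTO services (name, price) VALUES ('Haircut', 15.0), ('Beard trim', 8.0)");

// Weak pattern (CWE-89): the request value becomes part of the SQL text,
// so the database parses it as SQL rather than treating it as a value.
function find_service_unsafe(PDO $db, string $id): array {
    return $db->query("SELECT id, name, price FROM services WHERE id = $id")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Corrected: validate the expected type, then bind the value as data.
function find_service_safe(PDO $db, string $id): array {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return [];  // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('SELECT id, name, price FROM services WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id, and a value that alters the WHERE clause
// when concatenated but is rejected by the validated, parameterized version.
foreach (['1', '1 OR 1=1'] as $input) {
    printf("%-10s unsafe=%d rows, safe=%d rows\n", $input,
        count(find_service_unsafe($db, $input)),
        count(find_service_safe($db, $input)));
}
```

Binding is the control that matters here; the integer check is a second layer that also keeps malformed values out of application logic.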