Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Spa and Salon: Unauthorized Access to Administrator Settings
CVE-2026-25374
Summary
A security issue in Spa and Salon software allows unauthorized users to access administrator settings, potentially leading to unauthorized changes or data manipulation. This affects versions up to 1.3.2 of the software. To fix the issue, update to the latest version or adjust access control settings to prevent unauthorized access.
Original title
Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a throu...
Original description
Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a through <= 1.3.2.
nvd CVSS3.1
5.3
Vulnerability type
CWE-862
Missing Authorization
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026