Phpgurukul Beauty Parlour Management System vulnerabilities
28 known vulnerabilities affecting phpgurukul/beauty_parlour_management_system.
Total CVEs: 28
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 25
Vulnerabilities
Page 2 of 2
CVE-2025-4758 | MEDIUM | CVSS 6.9 | CWE-74 | v1.1 | 2025-05-16
A vulnerability classified as critical has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected is an unknown function of the file /contact.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters mi
cvelistv5, nvd
CVE-2024-53480 | CRITICAL | CVSS 9.8 | CWE-89 | v1.1 | 2024-12-10
Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter.
nvd
CVE-2024-53481 | MEDIUM | CVSS 6.1 | CWE-79 | v1.1 | 2024-12-10
A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters.
nvd
CVE-2024-51065 | CRITICAL | CVSS 9.8 | CWE-89 | v1.1 | 2024-10-31
Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the username parameter.
nvd
CVE-2024-51066 | HIGH | CVSS 7.5 | CWE-639 | v1.1 | 2024-10-31
An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers.
nvd
CVE-2024-37798 | MEDIUM | CVSS 5.9 | CWE-79 | v1.0 | 2024-06-17
Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field.
nvd
CVE-2021-27544 | MEDIUM | CVSS 4.8 | CWE-79 | v1.0 | 2021-04-15
Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter.
nvd
CVE-2021-27545 | MEDIUM | CVSS 6.5 | CWE-89 | v1.0 | 2021-04-15
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
nvd