PT-2025-35838 · 1000 Projects · Beauty Parlour Management System

M0Ker

Publicado

2025-09-03

Atualizado

2025-09-04

CVE-2025-9930

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions 1000projects Beauty Parlour Management System version 1.0

Description A security issue has been identified in 1000projects Beauty Parlour Management System version 1.0. The vulnerability allows for SQL injection through manipulation of the mobnumber argument in the /admin/contact-us.php file. The attack can be initiated remotely. The exploit has been publicly disclosed.

Recommendations As a temporary workaround, consider restricting access to the /admin/contact-us.php file to minimize the risk of exploitation. Sanitize the mobnumber input to prevent SQL injection attacks.

Exploit

Correção

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2025-9930

Produtos afetados

Beauty Parlour Management System

PT-2025-35838 · 1000 Projects · Beauty Parlour Management System

CVE-2025-9930

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9