CVE-2026-2088

Name of the Vulnerable Software and Affected Versions PHPGurukul Beauty Parlour Management System version 1.1

Description A flaw exists in PHPGurukul Beauty Parlour Management System that allows for SQL injection. This issue is located in the /admin/accepted-appointment.php file. Manipulation of the delid argument can trigger the injection. The exploit has been publicly disclosed and may be used to launch remote attacks.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /admin/accepted-appointment.php file. Sanitize the delid input parameter to prevent SQL injection.