Efekaanakkar

**Name of the Vulnerable Software and Affected Versions** phpgurukul Men Salon Management System version 2.0 **Description** The issue concerns SQL Injection via the `username` parameter of the "/msms/admin/index.php" API endpoint. This allows for potential exploitation. **Recommendations** For phpgurukul Men Salon Management System version 2.0, consider restricting access to the "/msms/admin/index.php" endpoint until a patch is available, and avoid using the `username` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Men Salon Management System version 2.0 **Description** The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the `email` parameter in the "index.php" component. This enables attackers to access and manipulate data without authorization. **Recommendations** For PHPGurukul Men Salon Management System version 2.0, consider disabling the `email` parameter in the "index.php" component until a patch is available to prevent exploitation. Restrict access to sensitive information and monitor for unusual activity to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.