Xiaoxin

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Beauty Parlour Management System version 1.1 **Description** A flaw exists in PHPGurukul Beauty Parlour Management System version 1.1 that allows for SQL injection. The issue is located in the `/admin/sales-reports-detail.php` file, specifically through manipulation of the `fromdate` and `todate` arguments within an unknown function. This allows for remote exploitation and the exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Beauty Parlour Management System version 1.1 **Description** A security flaw exists in PHPGurukul Beauty Parlour Management System version 1.1. The issue is located in the `/admin/all-appointment.php` file. Manipulation of the `delid` argument can lead to SQL injection. This attack can be executed remotely. The exploit has been released publicly. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/all-appointment.php` file until a patch is available. Sanitize the `delid` parameter before using it in any database queries.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Beauty Parlour Management System version 1.1 **Description** A flaw exists in PHPGurukul Beauty Parlour Management System 1.1 within the file `/admin/update-image.php`. Manipulation of the `lid` argument can lead to SQL injection, potentially allowing for remote attacks. The exploit for this issue has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Beauty Parlour Management System version 1.1 **Description** A SQL injection issue exists in PHPGurukul Beauty Parlour Management System version 1.1 due to manipulation of the `viewid` argument in the `/admin/view-appointment.php` file. This allows for remote exploitation. The exploit is publicly available. **Recommendations** As a temporary workaround, restrict access to the `/admin/view-appointment.php` file until a patch is available. Sanitize the `viewid` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Beauty Parlour Management System version 1.1 **Description** A security flaw exists in PHPGurukul Beauty Parlour Management System 1.1. The issue is related to SQL injection within an unknown function of the `/admin/add-customer-services.php` file. Manipulation of the `sids[]` argument can lead to SQL injection, and the attack can be executed remotely. The exploit has been released publicly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Beauty Parlour Management System version 1.1 **Description** A weakness exists in PHPGurukul Beauty Parlour Management System 1.1. The issue is related to SQL injection in the `/admin/edit-services.php` file. Manipulation of the `sername` argument causes the SQL injection. The attack can be carried out remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.