Zhugeaozun

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Beauty Parlour Management System version 1.0 **Description** A critical issue has been found in the 1000 Projects Beauty Parlour Management System. The problem affects the file `/admin/search-appointment.php` and is related to the manipulation of the `searchdata` argument, which leads to SQL injection. This issue can be initiated remotely. **Recommendations** For version 1.0, update to the latest version to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the `/admin/search-appointment.php` file until a patch is available. Avoid using the `searchdata` argument in the affected API endpoint until the issue is resolved.