PT-2024-16763 · Unknown · 1000 Projects Beauty Parlour Management System

Docker634 · Published 2024-11-11 · Updated 2024-11-18 · CVE-2024-11101

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: 1000 Projects Beauty Parlour Management System version 1.0

Description: A critical issue has been found in the 1000 Projects Beauty Parlour Management System. The problem is related to an unknown function of the file /admin/search-invoices.php, where manipulation of the searchdata argument leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed publicly.

Recommendations: For version 1.0, update to the latest version to mitigate risks and keep your systems updated to protect against this issue. As a temporary workaround, consider restricting access to the /admin/search-invoices.php file and avoid using the searchdata argument in this context until a patch is available.

Exploit

Fix

Weakness Enumeration: Special Elements Injection, SQL injection

Related Identifiers: CVE-2024-11101

Affected Products: 1000 Projects Beauty Parlour Management System