PT-2024-17157 · Unknown · 1000 Projects Beauty Parlour Management System

Zhugeaozun · Published 2024-11-25 · Updated 2024-11-27 · CVE-2024-11649

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: 1000 Projects Beauty Parlour Management System, version 1.0
Description: A critical SQL injection vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0. The script /admin/search-appointment.php takes the searchdata parameter and uses it in a database query without neutralizing SQL metacharacters, so a crafted value changes the logic of the query. The attack can be launched remotely over the network. Note that the CVSS vector (PR:N) rates the issue as exploitable without credentials even though the script is located under /admin/; confirm whether the page enforces an authenticated administrator session in your deployment, because that determines the real exposure.
Recommendations: Update to a release in which this issue is fixed; this entry identifies version 1.0 as affected and does not name a fixed version. As a temporary workaround, restrict access to /admin/search-appointment.php (for example at the web server, to trusted addresses or to authenticated administrators) until a patch is available, and treat every searchdata value as untrusted. The durable fix is to pass searchdata as a bound parameter of a prepared statement instead of concatenating it into the SQL string.
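The following is an added example, not code from the advisory or from the 1000 Projects application, that reproduces the injection pattern described above and the parameterized fix side by side. The schema (appointments and admin_users tables), the column names, the sample rows and the two payloads are constructed assumptions for illustration; the real application's query is not shown on this page. It uses SQLite in memory so it runs offline.

```python
import sqlite3

# Constructed sample data. The real schema of the Beauty Parlour Management
# System is not shown on the advisory page; table and column names here are
# assumptions made for illustration only.
APPOINTMENTS = [
    (1, "Alice", "2024-11-20", "Haircut"),
    (2, "Bob", "2024-11-21", "Manicure"),
    (3, "Carol", "2024-11-22", "Facial"),
]
ADMIN_USERS = [(1, "admin", "s3cret")]

# Two example values a tester would send as the searchdata parameter.
# The trailing "-- " comments out the rest of the original query text.
TAUTOLOGY_PAYLOAD = "x%' OR 1=1 -- "
UNION_PAYLOAD = "x%' UNION SELECT id, password FROM admin_users -- "


def build_db():
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE appointments (id INTEGER PRIMARY KEY, name TEXT, "
        "appointment_date TEXT, service TEXT)"
    )
    conn.execute(
        "CREATE TABLE admin_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO appointments VALUES (?, ?, ?, ?)", APPOINTMENTS)
    conn.executemany("INSERT INTO admin_users VALUES (?, ?, ?)", ADMIN_USERS)
    return conn


def search_vulnerable(conn, searchdata):
    """Splice searchdata straight into the SQL text: the injectable pattern."""
    sql = "SELECT id, name FROM appointments WHERE name LIKE '%" + searchdata + "%'"
    return conn.execute(sql).fetchall()


def search_fixed(conn, searchdata):
    """Bind searchdata as a parameter; the driver never treats it as SQL."""
    sql = "SELECT id, name FROM appointments WHERE name LIKE ?"
    return conn.execute(sql, ("%" + searchdata + "%",)).fetchall()


def compare(searchdata):
    """Run both versions against a fresh database and return both result sets."""
    conn = build_db()
    try:
        return search_vulnerable(conn, searchdata), search_fixed(conn, searchdata)
    finally:
        conn.close()


if __name__ == "__main__":
    cases = [("normal", "ali"), ("tautology", TAUTOLOGY_PAYLOAD), ("union", UNION_PAYLOAD)]
    for label, payload in cases:
        vuln, fixed = compare(payload)
        print(f"{label:10} vulnerable={vuln} fixed={fixed}")
```

With a normal search both versions return the same row. With the tautology payload the concatenated query returns every appointment, and with the UNION payload it returns the admin password from a table the search was never meant to touch; the parameterized version returns nothing for either payload because the whole value is matched literally. Note that binding the parameter does not stop a caller from using the LIKE wildcards % and _ inside searchdata; escape those too if wildcard abuse matters in your context.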

Weakness Enumeration: Special Elements Injection; SQL injection (CWE-89)

Related Identifiers: CVE-2024-11649

Affected Products: 1000 Projects Beauty Parlour Management System