CVE-2024-12234

Name of the Vulnerable Software and Affected Versions 1000 Projects Beauty Parlour Management System version 1.0

Description A critical issue has been found in the system, affecting an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to SQL injection. It is possible to launch the attack remotely. Other parameters might be affected as well.

Recommendations For version 1.0, consider disabling access to the /admin/edit-customer-detailed.php file until a patch is available. Restrict the manipulation of argument names to minimize the risk of SQL injection. Avoid using potentially vulnerable parameters in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.