PT-2025-21624 · Unknown · Phpgurukul Beauty Parlour Management System

Xinxinw · Published 2025-05-16 · Updated 2025-05-21 · CVE-2025-4758

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PHPGurukul Beauty Parlour Management System version 1.1
Description: A critical issue has been discovered in the PHPGurukul Beauty Parlour Management System. The flaw is in an unknown function in the /contact.php file: manipulating the fname argument can lead to SQL injection. The issue can be exploited remotely. The exploit has been publicly disclosed and may be used. Other parameters might also be affected.
Recommendations: For PHPGurukul Beauty Parlour Management System version 1.1, consider disabling the /contact.php file or restricting access to it until a patch is available. Avoid using the fname argument in the affected file to minimize the risk of exploitation.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-4758

Affected Products: Phpgurukul Beauty Parlour Management System