PT-2025-35838 · 1000 Projects · Beauty Parlour Management System
M0Ker · Published 2025-09-03 · Updated 2025-09-04 · CVE-2025-9930
Severity: 7.5 (High)
Base vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
1000projects Beauty Parlour Management System version 1.0
Description:
A security issue has been identified in 1000projects Beauty Parlour Management System version 1.0. The vulnerability allows for SQL injection through manipulation of the `mobnumber` argument in the `/admin/contact-us.php` file. The attack can be initiated remotely. The exploit has been publicly disclosed.
Recommendations:
As a temporary workaround, consider restricting access to the `/admin/contact-us.php` file to minimize the risk of exploitation.
Sanitize the `mobnumber` input to prevent SQL injection attacks.
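One way to apply the second recommendation, shown as an added example that is not the application's own code: validate `mobnumber` against a strict allow-list pattern, then pass it to the database only through a bound parameter. The table `contact_page`, its columns `mobile_number` and `id`, the function names and the 7 to 15 digit limit are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler logic, not the project's code.
// Assumed schema: table `contact_page` with columns `mobile_number` and `id`.

/**
 * Accept only an optional leading "+" followed by 7-15 digits (assumed limit).
 * Returns the trimmed value, or null when the input must be rejected.
 */
function validate_mobnumber($raw): ?string
{
    if (!is_string($raw)) {   // e.g. an array sent as mobnumber[]=...
        return null;
    }
    $value = trim($raw);
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    return preg_match('/\A\+?[0-9]{7,15}\z/', $value) === 1 ? $value : null;
}

function update_contact_number(mysqli $db, int $rowId, $rawMobnumber): bool
{
    $mobnumber = validate_mobnumber($rawMobnumber);
    if ($mobnumber === null) {
        return false;         // reject instead of trying to "clean" the value
    }
    // The value is sent as a bound parameter and never becomes part of the SQL text.
    $stmt = $db->prepare('UPDATE contact_page SET mobile_number = ? WHERE id = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('si', $mobnumber, $rowId);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample inputs exercising the validator (no database required).
$samples = [
    ['+919876543210', true],
    ['9876543210', true],
    ["9876543210' --", false],  // quote and comment characters are rejected
    ['12345', false],           // too short
    [['9876543210'], false],    // non-string input
];
foreach ($samples as [$input, $expected]) {
    $accepted = validate_mobnumber($input) !== null;
    echo ($accepted === $expected ? 'ok  ' : 'FAIL') . ' ' . json_encode($input) . PHP_EOL;
}
```

The bound parameter is what removes the injection path; the format check is a second layer that also keeps malformed data out of the table.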
Exploit
Fix
Special Elements Injection
SQL injection