CVE-2025-26157

Name of the Vulnerable Software and Affected Versions: Source Code and Project Beauty Parlour Management System version V1.1

Description: A SQL Injection issue was found in the /bpms/index.php endpoint, allowing remote attackers to execute arbitrary code via the name POST request parameter.

Recommendations: For version V1.1, as a temporary workaround, consider restricting access to the /bpms/index.php endpoint until a patch is available. Avoid using the name parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.