PT-2026-6909 · Phpgurukul · Phpgurukul Beauty Parlour Management System
Yan1451
·
Published
2026-02-07
·
Updated
2026-02-07
·
CVE-2026-2088
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PHPGurukul Beauty Parlour Management System version 1.1
Description
A flaw exists in PHPGurukul Beauty Parlour Management System that allows for SQL injection. This issue is located in the
/admin/accepted-appointment.php file. Manipulation of the delid argument can trigger the injection. The exploit has been publicly disclosed and may be used to launch remote attacks.Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the
/admin/accepted-appointment.php file. Sanitize the delid input parameter to prevent SQL injection.Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phpgurukul Beauty Parlour Management System