CVE Catalog

CVE-2024-51065

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile - higher than 39% of all known CVEs

Summary

A SQL injection vulnerability was found in Phpgurukul Beauty Parlour Management System v1.1 in admin/index.php via the username parameter. An attacker can send a malicious SQL query, leading to unauthorized database access.

Risk Assessment

The risk includes potential loss of confidentiality of customer and employee data, as well as the ability to modify or delete database records. This could compromise system integrity and organizational reputation.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, use prepared statements (parameterized queries) and validate input data for the username parameter.

Original NVD description (English source)

Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS