CVE-2024-51065
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk39th percentile - higher than 39% of all known CVEs
Summary
A SQL injection vulnerability was found in Phpgurukul Beauty Parlour Management System v1.1 in admin/index.php via the username parameter. An attacker can send a malicious SQL query, leading to unauthorized database access.
Risk Assessment
The risk includes potential loss of confidentiality of customer and employee data, as well as the ability to modify or delete database records. This could compromise system integrity and organizational reputation.
Recommendation
Immediately update the system to the latest version or apply a security patch. Additionally, use prepared statements (parameterized queries) and validate input data for the username parameter.
Original NVD description (English source)
Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter.

