CVE Catalog

CVE-2024-53480

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.60%

45th percentile - higher than 45% of all known CVEs

Summary

A SQL injection vulnerability was found in Phpgurukul's Beauty Parlour Management System v1.1 in `login.php` via the `emailcont` parameter. An attacker can manipulate this parameter to execute unauthorized database queries.

Risk Assessment

The risk includes potential leakage of sensitive customer and staff data, as well as the possibility of modifying or deleting database records. This could compromise the confidentiality and integrity of the system.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, use prepared statements (parameterized queries) and input validation in `login.php`.

Original NVD description (English source)

Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS