CVE Catalog

CVE-2026-37431

Critical
Published: Translated: NVD NIST

Summary

Beauty Parlour Management System v1.1 was found to have a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.

Risk Assessment

This vulnerability could lead to the exposure of confidential data, posing a serious threat to the security of the organization and its clients.

Recommendation

It is recommended to immediately update the system to the latest version and implement appropriate security measures to prevent SQL injections.

Original NVD description (English source)

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS