20 matches found
EUVD-2025-25010
Malicious code in bioql PyPI...
Beauty Parlour Management System book-appointment.php File SQL Injection Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in t...
CVE-2025-9024
A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9024
A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9024
A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9024 PHPGurukul Beauty Parlour Management System book-appointment.php sql injection
A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9024
CVE-2025-9024 affects PHPGurukul Beauty Parlour Management System v1.1, specifically the /book-appointment.php file. The vulnerability is an SQL injection in the Message parameter, exploitable remotely with a disclosed exploit. Multiple sources confirm impact to the database (data exposure/altera...
CVE-2025-9024 PHPGurukul Beauty Parlour Management System book-appointment.php sql injection
A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been...
PT-2025-33469 · Phpgurukul · Phpgurukul Beauty Parlour Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Beauty Parlour Management System version 1.1 Description: A SQL injection issue exists in PHPGurukul Beauty Parlour Management System 1.1, specifically within the /book-appointment.php file. The Message parameter is susceptible to...
PHPGurukul Beauty Parlour Management System Injection Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in t...
CVE-2025-5360
A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. This vulnerability affects unknown code of the file /book-appointment.php. The manipulation of the argument doctor leads to sql injection. The attack can be initiated remotely. The exploit has bee...
CampCodes Online Hospital Management System Injection Vulnerability
CampCodes Online Hospital Management System is an online hospital management system from CampCodes, Inc. An injection vulnerability exists in version 1.0 of the CampCodes Online Hospital Management System, which originates from a SQL injection due to an incorrect manipulation of the doctor...
BookIt < 2.3.8 - Authentication Bypass
The plugin does not perform any authorisation check when a user books an appointment using an email from an existing account, allowing unauthenticated attackers to log in as any user from the blog by providing their email address. On a page where the bookit is embedded, book an appointment using an ema...
CVE-2021-24614
The Book appointment online WordPress plugin before 1.39 does not sanitise or escape Service Prices before outputting them in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24614 Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)
The Book appointment online WordPress plugin before 1.39 does not sanitise or escape Service Prices before outputting them in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Book appointment, which stems from a lack o...
CVE-2020-22174
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information...
PHPGurukul Hospital Management System SQL Injection Vulnerability
PHPGurukul Hospital Management System is a web application for hospitals to manage doctors and patients. A SQL injection vulnerability exists in \hms\book-appointment.php in PHPGurukul Hospital Management System version 4.0. An attacker can exploit this vulnerability to obtain sensitive database...
Design/Logic Flaw
PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php...
PT-2020-16054 · Phpgurukul · Phpgurukul Hospital-Management-System-In-Php
Name of the Vulnerable Software and Affected Versions: PHPGurukul hospital-management-system-in-php version 4.0 Description: The issue allows for XSS attacks via several endpoints, including "admin/patient-search.php", "doctor/search.php", "book-appointment.php", "doctor/appointment-history.php",...