CVE-2024-53481

A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters.

CVE-2024-53480

Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in login.php via the emailcont parameter.

CVE-2024-51065

Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter.

CVE-2024-51066

An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers.

CVE-2025-4861

A vulnerability classified as critical was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched rem...

CVE-2025-4757

A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit ...

CVE-2025-4758

A vulnerability classified as critical has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected is an unknown function of the file /contact.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been discl...