CVE-2024-11055 – 1000 Projects Beauty Parlour Management System admin-profile.php sql injection

https://notcve.org/view.php?id=CVE-2024-11055

A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://1000projects.org https://github.com/Hacker0xone/CVE/issues/3 https://vuldb.com/?ctiid.283799 https://vuldb.com/?id.283799 https://vuldb.com/?submit.439322 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •