CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11055 – 1000 Projects Beauty Parlour Management System admin-profile.php sql injection
https://notcve.org/view.php?id=CVE-2024-11055
A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://1000projects.org https://github.com/Hacker0xone/CVE/issues/3 https://vuldb.com/?ctiid.283799 https://vuldb.com/?id.283799 https://vuldb.com/?submit.439322 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 4%CPEs: 1EXPL: 3CVE-2021-27545
https://notcve.org/view.php?id=CVE-2021-27545
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. Una inyección SQL en el componente "add-services.php" del PHPGurukul Beauty Parlour Management System versión v1.0, permite a atacantes remotos obtener información confidencial de la base de datos mediante la inyección de comandos SQL en el parámetro "sername" • https://github.com/BigTiger2020/Beauty-Parlour-Management-System https://packetstormsecurity.com/files/161468/Beauty-Parlour-Management-System-1.0-Cross-Site-Scripting.html https://www.exploit-db.com/exploits/49580 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-27544
https://notcve.org/view.php?id=CVE-2021-27544
Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en el componente "add-services.php" de PHPGurukul Beauty Parlor Management System versión v1.0, permite a atacantes remotos ejecutar código arbitrario inyectando HTML arbitrario en el parámetro "sername" • https://github.com/BigTiger2020/Beauty-Parlour-Management-System https://packetstormsecurity.com/files/161468/Beauty-Parlour-Management-System-1.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •