CVE-2026-2088
7.3 HIGH
Published 2026-02-07 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A SQL injection vulnerability in the Beauty Parlour Management System allows remote attackers to manipulate database queries. This is a serious flaw because it can be easily exploited over the network.
Who is affected
Users of PHPGurukul Beauty Parlour Management System version 1.1 are affected. An attacker could steal, modify, or delete sensitive data from the application's database.
Recommended fix
Immediately restrict access to the /admin/ directory and apply input validation/sanitization for the 'delid' parameter in /admin/accepted-appointment.php. Since a public exploit exists, consider the system compromised and audit for unauthorized access.
Technical Description
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. It affects an unknown part of the file /admin/accepted-appointment.php. Manipulation of the argument delid leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89, CWE-74