PHPGurukul Beauty Parlour Management System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in PHPGurukul Beauty Parlour Management System.
By the Year
In 2026 there have been 1 vulnerability in PHPGurukul Beauty Parlour Management System with an average score of 7.3 out of ten. Last year, in 2025 Beauty Parlour Management System had 14 security vulnerabilities published. Right now, Beauty Parlour Management System is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.46
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 7.30 |
| 2025 | 14 | 7.76 |
| 2024 | 5 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 5.65 |
It may take a day or so for new Beauty Parlour Management System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent PHPGurukul Beauty Parlour Management System Security Vulnerabilities
SQLi in PHPGurukul Beauty Parlour 1.1 /admin/accepted-appointment.php
CVE-2026-2088
7.3 - High
- February 07, 2026
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQLi in PHPGurukul BM System 1.1 via /admin/search-invoices.php
CVE-2025-11507
7.3 - High
- October 08, 2025
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation of the argument searchdata causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
SQL Injection
PHPGurukul Beauty Parlour Management System 1.1: Remote SQLi via searchdata
CVE-2025-11506
7.3 - High
- October 08, 2025
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The manipulation of the argument searchdata results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
SQL Injection
SQLi via delid in PHPGurukul Beauty Parlour Mgmt Sys 1.1 /admin/new-appt.php
CVE-2025-11505
7.3 - High
- October 08, 2025
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument delid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
SQL Injection
PHPGurukul Beauty Parlour Management System 1.1 SQLi via /admin/manage-services.php delid
CVE-2025-11503
7.3 - High
- October 08, 2025
A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1.1. This issue affects some unknown processing of the file /admin/manage-services.php. Executing a manipulation of the argument delid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
SQL Injection
SQLi via delid in PHPGurukul Beauty Mgt 1.1 /admin/invoices.php
CVE-2025-11416
7.3 - High
- October 07, 2025
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/invoices.php. Performing a manipulation of the argument delid results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
SQL Injection
PHPGurukul Beauty Parlour MS 1.1 SQLi via delid param
CVE-2025-11415
7.3 - High
- October 07, 2025
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/customer-list.php. Such manipulation of the argument delid leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
SQL Injection
SQLi in PHPGurukul Beauty Parlour Mngmt System 1.1 /admin/sales-reports-detail
CVE-2025-11330
6.3 - Medium
- October 06, 2025
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/sales-reports-detail.php. Such manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul Beauty Parlour MS 1.1 – SQLi via delid in /admin/all-appointment.php
CVE-2025-10459
7.3 - High
- September 15, 2025
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
SQL Injection
PHPGurukul Beauty Parlour Mgmt Sys 1.1 Remote SQLi via viewid
CVE-2025-10403
7.3 - High
- September 14, 2025
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/view-enquiry.php. The manipulation of the argument viewid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQLi via delid in /admin/readenq.php of PHPGurukul Beauty Parlour MgtSys 1.1
CVE-2025-10402
7.3 - High
- September 14, 2025
A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/readenq.php. Executing manipulation of the argument delid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
SQL Injection
PHPGurukul Beauty Parlour v1.1 Remote SQLi via /book-appointment.php
CVE-2025-9024
7.3 - High
- August 15, 2025
A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul Beauty Parlour Mgmt 1.1 SQLi via /admin/profile.php Remote Critical
CVE-2025-4861
9.8 - Critical
- May 18, 2025
A vulnerability classified as critical was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL Injection
Critical PHPGurukul BSPM 1.1 SQLi in /forgot-password.php
CVE-2025-4757
9.8 - Critical
- May 16, 2025
A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Critical SQLi in PHPGurukul Beauty Parlour Mgmt 1.1 via /contact.php
CVE-2025-4758
9.8 - Critical
- May 16, 2025
A vulnerability classified as critical has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected is an unknown function of the file /contact.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL Injection
PHPGurukul Beauty Parlour Management System: Cross-Site Scripting (XSS) in Profile Module
CVE-2024-53481
- December 10, 2024
A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters.
SQL Injection Vulnerability in Phpgurukul Beauty Parlour Management System login.php
CVE-2024-53480
- December 10, 2024
Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter.
IDOR in appointment-detail.php: PII leak in Beauty Parlour CMS v1.1
CVE-2024-51066
- October 31, 2024
An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers.
Phpgurukul Beauty Parlour Management 1.1: SQLi via username in admin/index.php
CVE-2024-51065
- October 31, 2024
Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter.
XSS via search-appointment.php in Phpgurukul Beauty Parlour MS 1.0
CVE-2024-37798
- June 17, 2024
Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field.
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0
CVE-2021-27545
6.5 - Medium
- April 15, 2021
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
SQL Injection
Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0
CVE-2021-27544
4.8 - Medium
- April 15, 2021
Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for PHPGurukul Beauty Parlour Management System or by PHPGurukul? Click the Watch button to subscribe.
