CVE-2021-27545

MEDIUM

PHPGurukul Beauty Parlour Mgmt <1.0 - SQL Injection

Title source: llm

Description

SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.

Exploits (1)

exploitdb WORKING POC

by Thinkland Security Team · textwebappsphp

https://www.exploit-db.com/exploits/49580

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/161468/Beauty-Parlour-Management-System-1.0-Cross-Site-Scripting.html

[Exploit, Third Party Advisory] https://github.com/BigTiger2020/Beauty-Parlour-Management-System

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49580

Scores

CVSS v3 6.5

EPSS 0.0113

EPSS Percentile 78.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-89

Status published

Products (1)

phpgurukul/beauty_parlour_management_system 1.0

Published Apr 15, 2021

Tracked Since Feb 18, 2026