CVE-2024-30998

CRITICAL

Phpgurukul Men Salon Management System - SQL Injection

Title source: rule

Description

SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component.

Exploits (1)

nomisec WRITEUP 1 stars

by efekaanakkar · poc

https://github.com/efekaanakkar/CVE-2024-30998

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://github.com/efekaanakkar/CVEs/blob/main/PHPGurukul-Men-Salon-Management-System-2.0.md

Scores

CVSS v3 9.8

EPSS 0.1332

EPSS Percentile 94.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

phpgurukul/men_salon_management_system 2.0

Published Apr 03, 2024

Tracked Since Feb 18, 2026