CVE-2025-9933

HIGH LAB

Phpgurukul Beauty Parlour Management System - Injection

Title source: rule

Description

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. Such manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WORKING POC

by titanmaster96 · poc

https://github.com/titanmaster96/cve-2025-9933

View Code ZIP pw:eip

References (5)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/xiaoxinkaishi/cve/issues/4

[Product] https://phpgurukul.com/

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.322335

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.322335

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.643038

Scores

CVSS v3 7.3

EPSS 0.0004

EPSS Percentile 11.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Lab Environment

COMMUNITY

Community Lab

docker pull mysql:8.0

https://github.com/titanmaster96/cve-2025-9933

View in Library

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

phpgurukul/beauty_parlour_management_system 1.1

Published Sep 04, 2025

Tracked Since Feb 18, 2026