CVE-2025-9933

HIGH LAB

PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via viewid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-9933. PoCs published by titanmaster96.

AI-analyzed exploit summary: This repository contains a functional SQL injection exploit for CVE-2025-9933, targeting PHPGurukul Beauty Parlour Management System 1.1. The exploit includes a Python script that automates authentication bypass, column detection, and flag hunting via SQLi in the `/admin/view-appointment.php` endpoint.

Description

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. It affects unknown functionality in the file /admin/view-appointment.php. Manipulation of the argument viewid leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WORKING POC
by titanmaster96 · poc
https://github.com/titanmaster96/cve-2025-9933


Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: PHPGurukul Beauty Parlour Management System 1.1
Auth required
Prerequisites: Access to the admin panel · Network connectivity to the target
Analyzed by devstral-2 on Feb 19, 2026

References (5)

Core References
Third Party Advisory, VDB Entry (vdb-entry, technical-description): https://vuldb.com/?id.322335
Permissions Required, VDB Entry (signature, permissions-required): https://vuldb.com/?ctiid.322335
Third Party Advisory, VDB Entry (third-party-advisory): https://vuldb.com/?submit.643038
Exploit, Issue Tracking, Third Party Advisory (exploit, issue-tracking): https://github.com/xiaoxinkaishi/cve/issues/4
Product (product): https://phpgurukul.com/

Scores

CVSS v3: 7.3
EPSS: 0.0041
EPSS Percentile: 32.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Lab Environment

Community Lab
docker pull mysql:8.0

Details

CWE: CWE-74, CWE-89
Status: published
Products (1): phpgurukul/beauty_parlour_management_system 1.1
Published: Sep 04, 2025
Tracked Since: Feb 18, 2026