EIP-2026-105434

PRE-CVE

Beauty Parlour Management System 1.0 - Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105434. PoCs published by Prof. Kailas PATIL.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in the Beauty Parlour Management System 1.0 admin login panel, allowing authentication bypass via crafted input in the username field. The payload ' or '1'='1'# bypasses authentication by manipulating the SQL query logic.

Description

Beauty Parlour Management System 1.0 - Authentication Bypass

Exploits (1)

exploitdb WORKING POC

by Prof. Kailas PATIL · textwebappsphp

https://www.exploit-db.com/exploits/48605

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in the Beauty Parlour Management System 1.0 admin login panel, allowing authentication bypass via crafted input in the username field. The payload ' or '1'='1'# bypasses authentication by manipulating the SQL query logic.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Beauty Parlour Management System v1.0

No auth needed

Prerequisites: Access to the admin login panel at /bpms/admin/index.php

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026