CVE-2024-11648: 1000 Projects Beauty Parlour Management System add-customer.php sql injection
First published: Mon Nov 25 2024(Updated: )
A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-customer.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 1000projects Beauty Parlour Management System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-11648?
CVE-2024-11648 is classified as a critical vulnerability.
How do I fix CVE-2024-11648?
To mitigate CVE-2024-11648, it's recommended to update to a patched version of the 1000 Projects Beauty Parlour Management System.
What type of vulnerability is CVE-2024-11648?
CVE-2024-11648 is a SQL injection vulnerability affecting the add-customer.php file.
What software is affected by CVE-2024-11648?
CVE-2024-11648 affects version 1.0 of the 1000 Projects Beauty Parlour Management System.
What is the potential impact of exploiting CVE-2024-11648?
Exploiting CVE-2024-11648 can allow an attacker to manipulate database queries, potentially leading to unauthorized data access.
- agent/references
- agent/weakness
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- agent/type
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/1000projects
- canonical/1000projects beauty parlour management system
- version/1000projects beauty parlour management system/1.0