PHPGurukul Beauty Parlour Management System accepted-appointment.php sql injection

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Problem type

Affected products

PHPGurukul

Beauty Parlour Management System

1.1 - AFFECTED

References

VDB-344655 | PHPGurukul Beauty Parlour Management System accepted-appointment.php sql injection

https://vuldb.com/?id.344655

vdb-entrytechnical-description

VDB-344655 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.344655

signaturepermissions-required

Submit #746520 | PHPgurukul Beauty Parlour Management System V1.1 SQL Injection

https://vuldb.com/?submit.746520

third-party-advisory

github.com

https://github.com/Shaon-Xis/cve/issues/1

exploitissue-tracking

phpgurukul.com

https://phpgurukul.com/

product

GitHub Security Advisories

GHSA-f56p-8g2x-4rg5

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects...

https://github.com/advisories/GHSA-f56p-8g2x-4rg5

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-2088

github.com

https://github.com/Shaon-Xis/cve/issues/1

phpgurukul.com

https://phpgurukul.com

vuldb.com

https://vuldb.com/?ctiid.344655

vuldb.com

https://vuldb.com/?id.344655

vuldb.com

https://vuldb.com/?submit.746520

github.com

https://github.com/advisories/GHSA-f56p-8g2x-4rg5

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-2088

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-2088",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-07T14:32:07.807Z",
    "dateReserved": "2026-02-06T08:24:05.325Z",
    "datePublished": "2026-02-07T14:32:07.807Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-07T14:32:07.807Z"
      },
      "title": "PHPGurukul Beauty Parlour Management System accepted-appointment.php sql injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
        }
      ],
      "affected": [
        {
          "vendor": "PHPGurukul",
          "product": "Beauty Parlour Management System",
          "versions": [
            {
              "version": "1.1",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "SQL Injection",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.344655",
          "name": "VDB-344655 | PHPGurukul Beauty Parlour Management System accepted-appointment.php sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.344655",
          "name": "VDB-344655 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.746520",
          "name": "Submit #746520 | PHPgurukul Beauty Parlour Management System V1.1 SQL Injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/Shaon-Xis/cve/issues/1",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://phpgurukul.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 7.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-06T09:29:13.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "yan1451 (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}