SQL Injection Vulnerability in PHPGurukul Men Salon Management System
CVE-2025-3689

7.3HIGH

Key Information:

Vendor: PHPGurukul
Status: Men Salon Management System
Vendor: CVE Published:; 16 April 2025

Summary

A SQL injection vulnerability exists in the PHPGurukul Men Salon Management System version 1.0, specifically in the /admin/edit-customer-detailed.php file. This flaw arises from improper handling of the 'editid' parameter, which allows an attacker to manipulate SQL queries and gain unauthorized access to sensitive data. The exploitation can be performed remotely, posing significant risks to the application's data integrity and security. It is essential for users and administrators of this system to apply security updates and implement necessary measures to mitigate potential threats.

References

https://github.com/Xiaoyao-i03i/CVE/issues/1

https://phpgurukul.com/

https://vuldb.com/?ctiid.304978

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2025