Vulnerabilities > Phpgurukul > Beauty Parlour Management System > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-15 | CVE-2021-27545 | SQL Injection vulnerability in PHPgurukul Beauty Parlour Management System 1.0 SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. | 6.5 |
| 2021-04-15 | CVE-2021-27544 | Cross-site Scripting vulnerability in PHPgurukul Beauty Parlour Management System 1.0 Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter. | 4.8 |