Zero Day MonitorZDM

← Back to list

7.3

CVE-2026-2088

phpgurukul · beauty_parlour_management_system

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid lea

Description

A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Products

Vendor	Product	Versions
phpgurukul	beauty_parlour_management_system	—

References

https://github.com/Shaon-Xis/cve/issues/1(Exploit, Issue Tracking)
https://phpgurukul.com/(Product)
https://vuldb.com/?ctiid.344655(Permissions Required, VDB Entry)
https://vuldb.com/?id.344655(Third Party Advisory, VDB Entry)
https://vuldb.com/?submit.746520(Third Party Advisory, VDB Entry)

CVSS 3.17.3 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

CWECWE-74, CWE-89

PublishedFeb 7, 2026

Last enriched3d ago

Trending Score0

Source articles0

Independent0

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-5558

PHPGurukul PHPGurukul Online Shopping Portal Project Parameter pending-orders.php sql injection

MEDIUMCVE-2026-5560

PHPGurukul Online Shopping Portal Project Parameter payment-method.php sql injection

MEDIUMCVE-2026-5552

PHPGurukul Online Shopping Portal Project Parameter sub-category.php sql injection

MEDIUMCVE-2026-5543

PHPGurukul User Registration & Login and User Management System yesterday-reg-users.php sql injection

HIGHCVE-2025-63611

Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the a

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Feb 7, 2026

Discovered by ZDM

Apr 1, 2026

CVE-2026-2088: A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid lea — Zero Day Monitor