CVE-2025-11506

📊 6.9 MEDIUM⚡ 0.0%🎯 0 exploits

📅 Published Oct 8, 2025

📋 Status: Modified

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The manipulation of the argument searchdata results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	phpgurukul	beauty parlour management system	1.1	Vulnerable	cpe:2.3:a:phpgurukul:beauty_parlour_management_system:1.1:::::::*

📱

phpgurukul / beauty parlour management system

Application

Vulnerable

Version: 1.1

CPE:

cpe:2.3:a:phpgurukul:beauty_parlour_management_system:1.1:*:*:*:*:*:*:*

Metrics

6.9 MEDIUMCVSS v4.0[email protected]

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

🔍 Technical Details

Analysis Status

Modified

CVSS Details

6.9 (MEDIUM)v4.0

Source: [email protected]

EPSS Details

0.0% (Minimal)6.9th percentile

Last updated: Nov 1, 2025

Exploitation probability within 30 days

Published Date

Oct 8, 2025 (25 days ago)

Last Modified

Oct 14, 2025 (19 days ago)

Security Weaknesses2

CWE-74CWE-89

References5

NVDgeneralgeneral+2