From this webpage screenshot, the following key vulnerability information can be obtained:

1. Vulnerability ID: #445719
2. Vulnerability Name: 1000 Projects Beauty Parlour Management System PHP SQLite Project V1.0 SQL Injection
3. Description:
   - During a security review of the "Beauty Parlour Management System PHP SQLite Project", Hacker0xOne discovered a critical SQL injection vulnerability.
   - The vulnerability stems from insufficient user input validation for the "pagetitle" parameter in the "admin/about-us.php" file, allowing attackers to inject malicious SQL queries.
   - Attackers can gain unauthorized access to the database, modify or delete data, and access sensitive information.
4. Root Cause:
   - The SQL injection vulnerability exists in the "admin/about-us.php" file.
   - The cause is that attackers can inject malicious code into the "pagetitle" parameter, which is directly used in SQL queries without proper sanitization or validation.
   - This enables attackers to forge input values, manipulate SQL queries, and perform unauthorized operations.
5. Impact:
   - Attackers can exploit this SQL injection vulnerability to achieve unauthorized database access, sensitive data exposure, data tampering, full system control, and even service disruption, posing a serious threat to system security and business continuity.
6. Source:
   - GitHub Repository: https://github.com/Hacker0xone/CVE/issues/15
7. Submitter:
   - Hacker0xOne (UID 77704)
8. Submission Date: November 16, 2024, 15:12
9. Review Date: November 21, 2024, 08:05
10. Status: Accepted
11. VulDB Entry ID: 285664
12. Vulnerability Type: [1000 Projects Beauty Parlour Management System 1.0 / admin/about-us.php pagetitle sql injection]
13. Vulnerability Score: 20