SQL Injection in the «add-services.php» component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the «sername» parameter.
