PHPGurukul Student Record System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in PHPGurukul Student Record System version 3.20. The issue arises in the register.php file, where multiple parameters are susceptible to injection. These parameters include c-full, fname, mname, lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1, marks1, sub2, course-short, income, category, ph, country, state, city, padd, cadd, and gender.

Impact

Exploitation of this vulnerability allows attackers to inject and execute arbitrary SQL queries, potentially leading to unauthorized data access or manipulation.

Reproduction

To reproduce this vulnerability, send a request to the register.php file with injected SQL payloads in one or more of the vulnerable parameters. A time-based payload can be used to demonstrate the injection by causing a delay in the server's response.
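The fix for this class of bug is to pass every request value to the database as a bound parameter and to take column names only from a fixed map. The sketch below is an added example, not code from PHPGurukul or from the original advisory. The `students` table, its column names, the `registerStudent` function, the use of PDO, and the SQLite demo database are all assumptions, and only a subset of the listed parameters is shown.

```php
<?php
declare(strict_types=1);

// Form field names from the advisory => column names (columns are assumed).
const FIELD_TO_COLUMN = [
    'c-full' => 'course_full', 'course-short' => 'course_short',
    'fname' => 'first_name', 'lname' => 'last_name',
    'email' => 'email', 'mobno' => 'mobile', 'gender' => 'gender',
];

// Insert one registration; every request value travels as a bound parameter.
function registerStudent(PDO $db, array $post): int
{
    $row = [];
    foreach (FIELD_TO_COLUMN as $field => $column) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || $value === '' || strlen($value) > 255) {
            throw new InvalidArgumentException("missing or oversized field: $field");
        }
        $row[$column] = $value;
    }
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false
        || preg_match('/\A\d{7,15}\z/', $row['mobile']) !== 1) {
        throw new InvalidArgumentException('malformed email or mobile number');
    }
    // Identifiers come only from the constant map, never from the request.
    $columns = implode(', ', array_keys($row));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    $stmt = $db->prepare("INSERT INTO students ($columns) VALUES ($marks)");
    $stmt->execute(array_values($row));
    return (int) $db->lastInsertId();
}

// Constructed demo: in-memory SQLite stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, course_full TEXT,
    course_short TEXT, first_name TEXT, last_name TEXT, email TEXT,
    mobile TEXT, gender TEXT)');

$id = registerStudent($db, [
    'c-full' => 'Bachelor of Science', 'course-short' => 'BSc',
    'fname' => 'Aoife', 'lname' => "O'Brien", 'email' => 'aoife@example.com',
    'mobno' => '5550100123', 'gender' => 'Female',
]);
$check = $db->prepare('SELECT last_name FROM students WHERE id = ?');
$check->execute([$id]);
echo 'stored last_name: ', $check->fetchColumn(), PHP_EOL;
```

The hyphenated field names (`c-full`, `course-short`) cannot be used as named placeholders, which is why the sketch maps them to columns and binds positionally. With PDO on MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the driver uses server-side prepared statements.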

Added: Nov 14, 2025, 4:28 PM
Updated: Nov 14, 2025, 5:28 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 3.1
exploitability: 9.5
remediation: 0.0
relevance: 1.1
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.