PHPGurukul Online Library Management System Unverified Password Change Vulnerability

Vulnerability

A vulnerability exists in PHPGurukul Online Library Management System version 3.0, in the password change functionality of the file '/change-password.php'. It is a weak password recovery flaw that is triggered by manipulating the email or phone number arguments. The system does not verify that the submitted email and mobile number belong to the user requesting the password change. As a result, a remote attacker can bypass identity checks and change the password of any user by supplying a valid email and phone number combination.

Impact

Exploitation of this vulnerability allows an attacker to change the password of any user, thereby gaining complete control over that account and access to sensitive information.

Reproduction

To reproduce this vulnerability, obtain a user's email and phone number. Then, send a request to the '/change-password.php' file, including the email and phone number in the request. The server will not verify if the email and phone number belong to the user, allowing the password to be changed without proper authentication.

Remediation

It is recommended to implement a verification process for password changes that includes sending a one-time password (OTP) or token to the user's email or phone number, which must be validated on the server before allowing the password change.
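
One way to implement the token check recommended above, as an added example that is not PHPGurukul's code. The table layout, column names, 15-minute lifetime and sample account are assumptions, and delivering the token to the address on file is left to the caller.

```php
<?php
// Added example, not PHPGurukul code. Schema and names below are assumptions.
declare(strict_types=1);
const RESET_TTL = 900; // seconds a token stays valid (assumed policy)

function issueResetToken(PDO $db, string $email, string $mobile): ?string
{
    $q = $db->prepare('SELECT id FROM users WHERE email = ? AND mobile = ?');
    $q->execute([$email, $mobile]);
    $userId = $q->fetchColumn();
    if ($userId === false) {
        return null; // caller should show the same response either way
    }
    $token = bin2hex(random_bytes(32));
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$userId]);
    $db->prepare('INSERT INTO password_resets (user_id, token_hash, expires_at) VALUES (?, ?, ?)')
       ->execute([$userId, hash('sha256', $token), time() + RESET_TTL]);
    return $token; // send only to the address on file, never in the HTTP response
}

function resetPassword(PDO $db, string $email, string $token, string $newPassword): bool
{
    $q = $db->prepare('SELECT r.user_id, r.token_hash, r.expires_at FROM password_resets r
                       JOIN users u ON u.id = r.user_id WHERE u.email = ?');
    $q->execute([$email]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false
        || (int)$row['expires_at'] < time()
        || !hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false; // no pending reset, expired, or token mismatch
    }
    $db->beginTransaction();
    $db->prepare('UPDATE users SET password = ? WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $row['user_id']]);
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$row['user_id']]); // single use
    $db->commit();
    return true;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, mobile TEXT, password TEXT)');
$db->exec('CREATE TABLE password_resets (user_id INTEGER, token_hash TEXT, expires_at INTEGER)');
$db->exec("INSERT INTO users (email, mobile, password) VALUES ('reader@example.test', '5550100', '')");
$token = issueResetToken($db, 'reader@example.test', '5550100');
var_dump(resetPassword($db, 'reader@example.test', 'guess', 'N3w-passphrase')); // wrong token
var_dump(resetPassword($db, 'reader@example.test', $token, 'N3w-passphrase'));  // issued token
var_dump(resetPassword($db, 'reader@example.test', $token, 'Another-one'));     // replay of a used token
```

If a short numeric OTP is used instead of a 256-bit token, the verification step also needs a per-account attempt limit.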

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 5.0
exploitability: 8.9
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.