PHPGurukul Pre-School Enrollment System SQL Injection Vulnerability in Contact Us Admin Page

A critical SQL injection vulnerability has been identified in the PHPGurukul Pre-School Enrollment System version 1.0. The issue arises in the file '/admin/contact-us.php', where the 'mobnum' parameter is manipulated, leading to unauthorized SQL query modifications. This vulnerability can be exploited remotely, without any authentication, allowing attackers to inject malicious SQL that could be executed by the database.

Impact

Exploitation of this vulnerability allows for unauthorized database access, manipulation of database contents, and potential disruption of service.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/admin/contact-us.php' with the 'mobnum' parameter. The injected payload can include SQL commands that exploit the application's SQL query handling, such as time-based blind SQL injection techniques that use the SQL 'SLEEP' function to indicate successful exploitation.

Remediation

No specific remediation measures are known for this vulnerability.