PHPGurukul Art Gallery Management System SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in PHPGurukul Art Gallery Management System version 1.0. The issue resides in the file '/admin/edit-art-type-detail.php' when the 'editid' parameter is set to '1'. The vulnerability allows remote attackers to manipulate the 'arttype' argument, injecting malicious SQL that could be executed by the application. This exploitation could lead to unauthorized database access, data modification or deletion, and exposure of sensitive information.

Impact

Exploitation of this vulnerability allows for SQL injection, which could be used to manipulate the application's database. This could result in unauthorized data access, data modification or deletion, and potentially executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to '/admin/edit-art-type-detail.php' with the 'editid' parameter set to '1'. Include a crafted 'arttype' argument that contains malicious SQL payloads. The lack of proper input validation will allow the injected SQL to be executed, demonstrating the SQL injection vulnerability.