PHPGurukul Art Gallery Management System SQL Injection Vulnerability in Add Art Product File

A critical SQL injection vulnerability has been identified in the PHPGurukul Art Gallery Management System version 1.0. The issue arises in the file '/admin/add-art-product.php', where the 'arttype' parameter is not properly validated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, without any authentication, potentially leading to unauthorized access to the database, modification or deletion of data, and exposure of sensitive information.

Impact

Exploitation of this vulnerability allows for SQL injection, which could be used to manipulate the application's database. This could include unauthorized data access, data modification or deletion, and in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to the '/admin/add-art-product.php' file with a crafted 'arttype' parameter that includes SQL injection payloads. The lack of input validation will allow the injected SQL to be executed, demonstrating the vulnerability.