PHPGurukul Bus Pass Management System SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in PHPGurukul Bus Pass Management System version 1.0. The issue resides in the file '/view-pass-detail.php', where the 'viewid' parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, leading to unauthorized database access, data modification or deletion, and exposure of sensitive information.

Impact

Exploitation of this vulnerability allows for unauthorized access to the database, manipulation or deletion of data, and access to sensitive information. Such actions pose a significant threat to the overall security of the system and the integrity of its data.

Reproduction

The vulnerability can be reproduced by sending a request to 'view-pass-detail.php' with a crafted 'viewid' parameter that includes malicious SQL payloads. This can be done using tools like sqlmap, which automate the injection process and exploit the vulnerability to extract database information.

Remediation

To address this vulnerability, it is recommended to implement input validation and sanitization for the 'viewid' parameter, use prepared statements to prevent SQL injection, and conduct regular security audits to identify and fix potential vulnerabilities.