Employee Record Management System
cpe:2.3:a:employee_record_management_system_project:employee_record_management_system:*:*:*:*:*:*:*
- 1
A SQL injection vulnerability has been identified in the Employee Record Management System developed by PHP Gurukul. This vulnerability exists in version 1 of the system, which is built with PHP and MySQL. The issue arises in the loginerms.php endpoint, where user input for the username and password is not properly sanitized before being incorporated into SQL queries. As a result, attackers can manipulate these parameters to bypass authentication and potentially access or modify sensitive data.
Exploitation of this vulnerability allows for authentication bypass, unauthorized access to the application dashboard, manipulation of employee records, and in some cases, remote code execution, depending on database privileges.
To reproduce this vulnerability, navigate to the loginerms.php endpoint of the Employee Record Management System and enter a crafted payload in the username and password fields: input containing SQL syntax that manipulates the query logic so that the authentication check is bypassed.
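A hardened form of the login check described above, as an added example that is not the application's own code: the table, column names and sample accounts are assumptions, and in-memory SQLite stands in for MySQL so the script runs offline. The statement text is fixed and the username is passed as a bound value, which removes the injection point.

```php
<?php
declare(strict_types=1);
// Added example: schema, names and sample accounts are constructed for
// illustration; this is not the application's own code.

function open_demo_db(): PDO {
    // In-memory SQLite keeps the example offline; the application itself uses MySQL.
    // On MySQL, also set PDO::ATTR_EMULATE_PREPARES to false for server-side binding.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
                username TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    foreach (['alice' => 'correct horse', "o'brien" => 'battery staple'] as $u => $p) {
        $ins->execute([$u, password_hash($p, PASSWORD_DEFAULT)]);
    }
    return $pdo;
}

// Weak pattern, shown for contrast only: request values become part of the SQL text.
//   $sql = "SELECT id FROM users WHERE username='$user' AND password='$pass'";

function login(PDO $pdo, string $user, string $pass): ?int {
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    if ($user === '' || strlen($user) > 64 || strlen($pass) > 256) {
        return null; // reject out-of-range input before touching the database
    }
    // The statement text is fixed; the username travels separately as a bound value.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Always run one hash verification so unknown users take similar time.
    $ok = password_verify($pass, $row ? $row['password_hash'] : $dummy);
    return ($row && $ok) ? (int) $row['id'] : null;
}

$pdo = open_demo_db();
var_dump(login($pdo, 'alice', 'correct horse'));      // valid credentials
var_dump(login($pdo, 'alice', 'wrong'));              // wrong password
var_dump(login($pdo, "o'brien", 'battery staple'));   // quote in name is plain data
var_dump(login($pdo, 'nobody', 'anything'));          // unknown user
```

The password is never placed in the query at all: it is compared against a stored hash with password_verify, so only the username reaches the database, and only as a bound parameter.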