PHPGurukul Directory Management System
cpe:2.3:a:phpgurukul:directory_management_system:*:*:*:*:*:*:*
- 2.0
A critical SQL injection vulnerability has been identified in PHPGurukul Directory Management System version 2.0. The issue resides in the admin forget-password.php file, where the email parameter can be manipulated to inject malicious SQL queries. This allows attackers to access the database without authorization, potentially leading to data modification, deletion, and unauthorized access to sensitive information. The vulnerability can be exploited remotely without any authentication.
Exploitation of this vulnerability allows for unauthorized database access, manipulation or deletion of data, and leakage of sensitive information. This poses a significant risk to system security and data integrity.
The vulnerability can be reproduced by sending a POST request to the admin forget-password.php file with a crafted email parameter that includes SQL injection payloads. The injection takes advantage of the application's failure to properly validate and sanitize user input before using it in SQL queries. Exploitation can be confirmed, for example, with a time-based blind SQL injection payload: when it executes, the response is delayed, indicating that the injection was successful.
It is recommended to implement input validation and sanitization for the email parameter to prevent SQL injection. Additionally, using prepared statements for database queries can help mitigate this vulnerability by separating SQL code from user input. Finally, reviewing and restricting database user permissions can further enhance security.
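The recommended fix, sketched as an added example (this is not PHPGurukul's code): the email value is validated and then passed as a bound parameter, so it never becomes part of the SQL text. The table and column names (`admin_users`, `email`), the function name, and the in-memory SQLite database are assumptions made so the example runs offline; the same `prepare`/`execute` pattern applies with a MySQL connection.

```php
<?php
declare(strict_types=1);

// Hypothetical helper for a password-reset lookup. Names are assumptions,
// not taken from the Directory Management System source.
function find_admin_by_email(PDO $db, string $rawEmail): ?array
{
    // Step 1: validation rejects input that is not a well-formed address.
    // This narrows the input, but it is not the injection defence:
    // a valid address may still contain a single quote.
    $email = filter_var(trim($rawEmail), FILTER_VALIDATE_EMAIL);
    if ($email === false || strlen($email) > 254) {
        return null;
    }

    // Step 2: the prepared statement keeps the SQL text fixed; the value
    // is sent as data and cannot change the structure of the query.
    $stmt = $db->prepare(
        'SELECT id, email FROM admin_users WHERE email = :email LIMIT 1'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row;
}

// Constructed test database (in memory) with two constructed accounts.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin_users (id INTEGER PRIMARY KEY, email TEXT UNIQUE)');
$seed = $db->prepare('INSERT INTO admin_users (email) VALUES (:email)');
foreach (['admin@example.test', "o'neil@example.test"] as $address) {
    $seed->execute([':email' => $address]);
}

// Constructed inputs: a known address, a valid address containing a quote,
// an unknown address, and malformed input that fails validation.
$samples = [
    'admin@example.test',
    "o'neil@example.test",
    'nobody@example.test',
    "not an address'",
];
foreach ($samples as $input) {
    $found = find_admin_by_email($db, $input);
    printf("%-24s => %s\n", $input, $found !== null ? 'account found' : 'no match');
}
```

The quoted address passes validation and is still handled safely, which shows why the bound parameter, not the input filter, is the control that closes the injection. A reset form should also return the same response for "no match" and "invalid input" so it does not reveal which addresses exist.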