PHPGurukul Park Ticketing Management System SQL Injection Vulnerability in Forgot Password Function

A critical SQL injection vulnerability has been identified in PHPGurukul Park Ticketing Management System version 2.0. The issue resides in the forgot-password.php file, where the email/contactno parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, posing a significant risk to the application's database integrity and security.

Impact

Exploitation of this vulnerability allows unauthorized access to the application's database, where attackers can leak, modify, or delete data. Additionally, this could lead to complete control over the system and disruption of services.

Reproduction

The vulnerability can be reproduced by sending a POST request to the forgot-password.php file with a crafted email parameter that includes SQL injection payloads. The injected SQL code is executed by the database, allowing the attacker to manipulate database queries and access sensitive information.

Remediation

To address this vulnerability, it is recommended to implement prepared statements and parameter binding to prevent SQL injection. Additionally, input validation and filtering should be applied to ensure that user input meets expected formats, blocking malicious data. Finally, database user permissions should be minimized, granting only necessary access rights to the database.