PHPGurukul Employee Record Management System SQL Injection Vulnerability in registererms.php

A critical SQL injection vulnerability has been identified in version 1.3 of the PHPGurukul Employee Record Management System. The issue arises in the file registererms.php, where the Email parameter is manipulated to inject malicious SQL queries. This vulnerability can be exploited remotely, allowing attackers to access the database without authorization, potentially leading to data modification, deletion, or unauthorized information retrieval.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can inject malicious SQL queries into the database. This could result in unauthorized database access, data manipulation, deletion, or retrieval of sensitive information.

Reproduction

To reproduce this vulnerability, send a POST request to the registererms.php file with crafted payloads that exploit the boolean-based blind SQL injection vulnerability in the Email parameter. The injection can be verified by observing the application's response, which may indicate successful exploitation, such as bypassing authentication or accessing restricted data.

Remediation

No specific mitigation measures are known for this vulnerability. However, it is generally recommended to replace the affected product with an alternative that does not have this vulnerability.