PHPGurukul Online Fire Reporting System SQL Injection Vulnerability in details.php

Vulnerability

A critical SQL injection vulnerability has been identified in PHPGurukul Online Fire Reporting System version 1.2. The issue resides in the file details.php, where the requestid parameter can be manipulated to execute arbitrary SQL commands. This vulnerability can be exploited remotely, potentially leading to unauthorized data access or modification.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or, in some cases, execution of administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a GET request to details.php with a crafted requestid parameter. The injection can be verified by using payloads that exploit boolean-based blind SQL injection or time-based blind SQL injection techniques. For example, appending a single quote followed by a SQL injection payload can demonstrate the vulnerability.
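For defenders reviewing web server logs, the following added example (not part of the original advisory or of the PHPGurukul code) flags GET requests to details.php whose requestid value is not a plain decimal number or is supplied more than once. It assumes requestid is normally a numeric identifier and that the server writes common/combined-format access logs; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines for illustration; not taken from a real system.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Sep/2025:19:01:02 +0000] "GET /details.php?requestid=12 HTTP/1.1" 200 5120
203.0.113.44 - - [01/Sep/2025:19:03:10 +0000] "GET /details.php?requestid=12%27 HTTP/1.1" 200 310
203.0.113.44 - - [01/Sep/2025:19:03:11 +0000] "GET /details.php?requestid=12%27%20AND%20%271%27%3D%271 HTTP/1.1" 200 5120
203.0.113.44 - - [01/Sep/2025:19:03:12 +0000] "GET /details.php?requestid=12&requestid=x HTTP/1.1" 200 5120
198.51.100.7 - - [01/Sep/2025:19:04:00 +0000] "GET /index.php?requestid=abc HTTP/1.1" 200 900
198.51.100.7 - - [01/Sep/2025:19:04:05 +0000] "GET /details.php HTTP/1.1" 200 900
"""

# Client address and request target from a common/combined log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_requests(log_text):
    """Return (client_ip, decoded requestid values) for anomalous details.php requests."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/details.php"):
            continue
        # parse_qs percent-decodes values, so an encoded quote (%27) is seen as "'".
        values = parse_qs(url.query, keep_blank_values=True).get("requestid", [])
        # Assumption: a legitimate requestid is a plain decimal integer sent once.
        non_numeric = [v for v in values if not re.fullmatch(r"[0-9]+", v)]
        if non_numeric or len(values) > 1:
            findings.append((m["ip"], values))
    return findings


if __name__ == "__main__":
    for ip, values in suspicious_requests(SAMPLE_LOG):
        print(ip, values)
```

The same allow-list rule (digits only, one value) is also a reasonable input check to apply at a reverse proxy or WAF in front of the application until the query itself is parameterized.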

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.1
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.