PHPGurukul Notice Board System SQL Injection Vulnerability in Forgot Password Feature
Vulnerability
A SQL injection vulnerability has been identified in the PHPGurukul Notice Board System version 1.0. The issue resides in the 'forgot-password.php' file, where the 'email' parameter can be manipulated to inject malicious SQL code. This vulnerability allows attackers to interfere with database queries, potentially leading to unauthorized data access or manipulation. The vulnerability can be exploited remotely, without any authentication requirements.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a request to the 'forgot-password.php' file with a crafted 'email' parameter that includes SQL injection payloads. The lack of proper input sanitization will allow the injected SQL code to be executed, manipulating the database query as intended by the attacker.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.