PHPGurukul Employee Record Management System SQL Injection Vulnerability in Password Reset Functionality

A critical SQL injection vulnerability has been identified in PHPGurukul Employee Record Management System version 1.3. The issue resides in the password reset functionality, specifically within the file '/resetpassword.php'. The vulnerability is triggered by manipulating the 'newpassword' parameter, which is used in SQL queries without proper input validation or sanitization. This oversight allows attackers to inject malicious SQL code, potentially leading to unauthorized database access and manipulation.

Impact

Exploitation of this vulnerability allows attackers to inject malicious SQL queries, bypassing authentication and manipulating database records. This could result in unauthorized data access, data modification or deletion, and in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to '/erms/resetpassword.php' with the 'newpassword' and 'confirmpassword' parameters. Include a payload that exploits the SQL injection, such as one that uses a SQL injection technique like time-based blind SQL injection, which can be verified by the response delay.

Remediation

It is recommended to use prepared statements and parameterized queries to prevent SQL injection vulnerabilities. Additionally, input validation and sanitization should be implemented to ensure that user input is safe before being processed or stored.