PHPGurukul Employee Record Management System SQL Injection Vulnerability in Admin Profile Management

A critical SQL injection vulnerability has been identified in PHPGurukul Employee Record Management System version 1.3. The issue resides in the adminprofile.php file, where the AdminName parameter can be manipulated to inject malicious SQL code. This exploitation occurs without proper input validation or sanitization, allowing attackers to interfere with SQL queries and execute unauthorized database operations. The vulnerability can be exploited remotely, potentially leading to unauthorized database access, data manipulation, and disruption of services.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries. This could lead to unauthorized data access, data modification or deletion, and in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to the /admin/adminprofile.php endpoint with the AdminName parameter. Inject a payload that exploits time-based blind SQL injection, such as one that uses the RLIKE operator to test for SQL injection vulnerabilities by causing a delay in the response.

Remediation

It is recommended to update the application to a version that addresses this vulnerability. If no such version is available, consider applying general SQL injection mitigation techniques, such as using prepared statements and parameterized queries to ensure that user input is properly escaped and cannot be used to manipulate SQL queries.