PHPGurukul Art Gallery Management System SQL Injection Vulnerability in Forgot Password Feature

Vulnerability

A critical SQL injection vulnerability has been identified in the PHPGurukul Art Gallery Management System version 1.1. The issue is in the file '/admin/forgot-password.php', where the 'email' parameter is processed. The parameter value reaches a SQL query without proper input validation or sanitization, which allows attackers to inject malicious SQL code that the database then executes. The vulnerability can be exploited remotely and does not require authentication.

Impact

Exploitation of this vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized database access, data modification or deletion, and exposure of sensitive information.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/admin/forgot-password.php' with an injected payload in the 'email' parameter. The injection is time-based blind: the payload uses the 'SLEEP' function to create a time delay, and the delayed response serves as the indicator.

Remediation

It is recommended to implement prepared statements and parameter binding to prevent SQL injection attacks. Additionally, input validation and filtering should be applied to ensure that user input meets expected formats, thereby blocking malicious data. Minimizing database user permissions can also help reduce the impact of potential SQL injection vulnerabilities.
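
The lookup described above, rewritten with validation and parameter binding. This is an added example, not the application's own code: the table and column names (tbladmin, ID, Email) and the function find_admin_id_by_email() are assumptions, and an in-memory SQLite database stands in for the application's database so the block runs on its own.

```php
<?php
// Added example, not the application's code. Table/column names (tbladmin,
// ID, Email) and find_admin_id_by_email() are assumptions for illustration.
declare(strict_types=1);

/** Returns the admin ID for $rawEmail, or null if invalid or not found. */
function find_admin_id_by_email(PDO $db, string $rawEmail): ?int
{
    // Validation: reject input that is not a well-formed address.
    $email = trim($rawEmail);
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Binding: the SQL text is constant; the value is sent as data and is
    // never parsed as SQL, whatever characters it contains.
    $stmt = $db->prepare('SELECT ID FROM tbladmin WHERE Email = :email LIMIT 1');
    $stmt->execute([':email' => $email]);
    $id = $stmt->fetchColumn();      // false when no row matches

    return $id === false ? null : (int) $id;
}

// Constructed stand-in database so the block runs offline. In deployment,
// connect with an account limited to the privileges this page needs.
// With PDO's MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$db->exec('CREATE TABLE tbladmin (ID INTEGER PRIMARY KEY, Email TEXT UNIQUE)');
$db->exec("INSERT INTO tbladmin (Email) VALUES ('admin@example.com')");

// Constructed inputs.
$samples = [
    'admin@example.com',      // known account
    "o'brien@example.com",    // well-formed address that contains a quote
    'not an email address',   // rejected by validation before any query runs
];

foreach ($samples as $input) {
    $id = find_admin_id_by_email($db, $input);
    printf("%-24s => %s\n", $input, $id === null ? 'no match' : "ID $id");
}
```

The second sample shows why validation alone is not the fix: a well-formed address can still contain a quote character, and only the bound parameter keeps it out of the SQL text.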

Added: Jun 21, 2025, 4:23 PM
Updated: Jun 21, 2025, 4:23 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 7.5
exploitability: 9.7
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.