PHPGurukul Art Gallery Management System
cpe:2.3:a:phpgurukul:art_gallery_management_system:*:*:*:*:*:*:*
- 1.1
A critical SQL injection vulnerability has been identified in PHPGurukul Art Gallery Management System version 1.1. The issue resides in the admin/changeimage.php file, where manipulating the editid parameter allows attackers to inject malicious SQL queries. The vulnerability can be exploited remotely, leading to unauthorized database access, data manipulation, and potential system compromise.
Exploitation of this vulnerability allows for unauthorized database access, data modification or deletion, and access to sensitive information. It could also lead to complete system control and service disruption.
The vulnerability can be reproduced by sending a POST request to the admin/changeimage.php file with a crafted editid parameter that includes malicious SQL payloads. This can be done using tools like sqlmap, which automates the injection process and exploits the vulnerability.
No specific mitigation measures are known for this vulnerability.
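For triage, the following added example (not part of the original advisory or of the PHPGurukul code) scans web server logs for requests to admin/changeimage.php whose editid value is not a plain integer. It assumes editid is a numeric row id and that the log format appends the POST body as a final quoted field; both are assumptions, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET = "/admin/changeimage.php"        # file named in the advisory
NUMERIC_ID = re.compile(r"\d{1,10}")     # assumption: editid is an integer row id

# Combined-log-style line; the trailing quoted request body is an assumed
# custom field (standard access logs do not record POST bodies).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<body>[^"]*)")?'
)

def suspicious_editid(lines):
    """Return (client_ip, decoded_editid) for every non-numeric editid sent to TARGET."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        url = urlsplit(m["url"])
        if not url.path.endswith(TARGET):   # app may be deployed under a sub-directory
            continue
        # Merge query-string and form-body parameters; parse_qs URL-decodes values.
        params = parse_qs(url.query, keep_blank_values=True)
        for key, values in parse_qs(m["body"] or "", keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
        for value in params.get("editid", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((m["ip"], value))
    return hits

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "POST /admin/changeimage.php?editid=5 HTTP/1.1" 200 512 "submit=1"',
    '198.51.100.9 - - [10/Jan/2025:10:02:13 +0000] "POST /admin/changeimage.php HTTP/1.1" 200 498 "editid=5%27&submit=1"',
    '198.51.100.9 - - [10/Jan/2025:10:02:20 +0000] "GET /admin/changeimage.php?editid=1%20AND%201%3D1 HTTP/1.1" 200 498',
    '203.0.113.7 - - [10/Jan/2025:10:05:44 +0000] "GET /admin/dashboard.php?editid=x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, value in suspicious_editid(SAMPLE_LOG):
        print(f"{ip} sent non-numeric editid: {value!r}")
```
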