PHPGurukul Online Notes Sharing System
0 remedies
cpe:2.3:a:phpgurukul:online_notes_sharing_system:*:*:*:*:*:*:*
0 remedies
- 1.0
PHPGurukul Online Notes Sharing System SQL Injection Vulnerability in Cookie Handler Component
Vulnerability
A critical SQL injection vulnerability has been identified in PHPGurukul Online Notes Sharing System version 1.0. The issue arises in the Cookie Handler component, specifically within the Dashboard file, where the sessionid argument is not properly sanitized, allowing for remote exploitation. While the original disclosure suggested a potential XPath injection, the characteristics of the attack payload align more closely with SQL injection.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to the database. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
The vulnerability can be reproduced by sending a request to the '/Dashboard' endpoint with a crafted 'sessionid' cookie that includes SQL injection payloads. This can be done using tools like Burp Suite or by manually setting the cookie in a web browser.
Added: Jul 8, 2025, 2:11 AM
Updated: Jul 8, 2025, 2:11 AM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
5.0exploitability
9.7remediation
0.0relevance
0.2threat
6.4urgency
2.9incentive
10.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.