PHPGurukul Vehicle Parking Management System SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in PHPGurukul Vehicle Parking Management System version 1.13. The issue resides in the file '/admin/view-outgoingvehicle-detail.php', where the 'viewid' parameter is manipulated to inject malicious SQL code. This exploitation occurs without proper input validation or sanitization, allowing attackers to interfere with SQL queries and execute unauthorized database operations. The vulnerability can be exploited remotely, with public knowledge of the exploit available.

Impact

Exploitation of this vulnerability allows attackers to inject malicious SQL queries, potentially leading to unauthorized database access, data manipulation or deletion, and exposure of sensitive information.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP GET request to the '/admin/view-outgoingvehicle-detail.php' endpoint, including a 'viewid' parameter with injected SQL payloads. This can be done manually or using automated tools like SQLMap, which can exploit the injection and extract database information.

Remediation

It is recommended to update to a version of PHPGurukul Vehicle Parking Management System that addresses this vulnerability. If no such version is available, consider implementing input validation and using prepared statements to prevent SQL injection.