PHPGurukul Vehicle Parking Management System SQL Injection Vulnerability in manage-incomingvehicle.php

A critical SQL injection vulnerability has been identified in PHPGurukul Vehicle Parking Management System version 1.13. The issue resides in the file '/admin/manage-incomingvehicle.php', where the 'del' parameter is vulnerable to injection attacks. This vulnerability allows attackers to manipulate SQL queries by injecting malicious payloads, potentially leading to unauthorized database access and data manipulation.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, bypassing application security and potentially leading to unauthorized data access, data modification, or deletion. In some cases, this could allow for further exploitation of the underlying system.

Reproduction

The vulnerability can be reproduced by sending a GET request to '/admin/manage-incomingvehicle.php' with a crafted 'del' parameter that includes malicious SQL payloads. The injected SQL is executed by the application, demonstrating the SQL injection vulnerability.

Remediation

It is recommended to update to a version of PHPGurukul Vehicle Parking Management System that addresses this vulnerability. Users can check the PHPGurukul website for the latest version or contact PHPGurukul support for assistance.