PHPGurukul Student Result Management System SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in PHPGurukul Student Result Management System version 2.0. The issue arises in the file '/notice-details.php', where the GET parameter 'nid' is manipulated, leading to unauthorized SQL query modifications. This vulnerability can be exploited remotely, without authentication, and has been publicly disclosed along with an available exploit.

Impact

Exploitation of this vulnerability allows for SQL injection, which could lead to a complete database compromise, including extraction of sensitive information such as administrator credentials.

Reproduction

To reproduce this vulnerability, send a request to the '/notice-details.php' file with a crafted 'nid' parameter that includes SQL injection payloads. Both time-based and UNION-based injection methods can be used to exploit this vulnerability.