PHPGurukul Login and User Management System
cpe:2.3:a:phpgurukul:user_registration_&_login_and_user_management_system:*:*:*:*:*:*:*
- <= 3.3
A critical SQL injection vulnerability has been identified in PHPGurukul's Login and User Management System version 3.3. The issue resides in the admin file 'yesterday-reg-users.php', where the 'id' parameter is not properly sanitized before being used in a SQL query. This flaw allows authenticated attackers to inject malicious SQL, potentially leading to unauthorized data access or manipulation.
Exploitation of this vulnerability allows authenticated admin users to inject SQL queries, which could be used to read or modify sensitive database information, dump user data, enumerate the database structure, and possibly escalate privileges by chaining with other vulnerabilities.
To reproduce this vulnerability, an authenticated admin user can send a GET request to 'admin/yesterday-reg-users.php' with a crafted 'id' parameter. The SQL injection can be exploited using a tool like sqlmap, by including the admin session cookie.
It is recommended to replace the vulnerable SQL query with a parameterized statement to prevent SQL injection. Additionally, all user input should be validated and sanitized before use in SQL queries.
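The two recommendations above (a parameterized statement, plus input validation) are shown here as an added example, not PHPGurukul's own code. The `users` table, its columns and the helper names are assumptions, and an in-memory SQLite database accessed through PDO stands in for the application's database so the block runs offline.

```php
<?php
declare(strict_types=1);

// Added example, not PHPGurukul's code. Table, columns and function names are
// assumptions; the rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
$db->exec("INSERT INTO users VALUES (1, 'a@example.test'), (2, 'b@example.test')");

// Weak pattern the advisory describes: the request value becomes part of the SQL text.
//   $sql = "SELECT id, email FROM users WHERE id='" . $_GET['id'] . "'";

// Layer 1: the statement text is fixed; the value travels separately as a bound parameter.
function fetchUserBound(PDO $db, int|string $id): ?array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, is_int($id) ? PDO::PARAM_INT : PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Layer 2: reject anything that is not a positive integer before touching the database.
function fetchUserValidated(PDO $db, mixed $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    return fetchUserBound($db, $id);
}

// Constructed request values: one valid id and three that must not change the query.
foreach (['2', "2' OR '1'='1", '-5', ''] as $raw) {
    $bound = fetchUserBound($db, $raw);
    try {
        $outcome = fetchUserValidated($db, $raw)['email'] ?? 'no such user';
    } catch (InvalidArgumentException $e) {
        $outcome = 'rejected';
    }
    printf("%-16s bound: %-16s validated: %s\n",
        json_encode($raw), $bound['email'] ?? 'no row', $outcome);
}
```

Binding alone keeps the quoted input as data, so it matches no row; the validation layer additionally turns malformed ids into an explicit rejection that can be logged.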