Primary

Context

PHPGurukul Boat Booking System SQL Injection Vulnerability in Add Boat Admin File

Vulnerability

A critical SQL injection vulnerability has been identified in PHPGurukul Boat Booking System version 1.0. The issue arises in the admin add-boat.php file, where the boatname parameter is manipulated to inject malicious SQL queries. This vulnerability can be exploited remotely, without any authentication, allowing attackers to access, modify, or delete database information.

Impact

Exploitation of this vulnerability allows for unauthorized database access, manipulation of data, and potential disruption of services.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /admin/add-boat.php file with a crafted boatname parameter. This parameter should include a payload that exploits the SQL injection, such as a time-based blind injection that uses a SQL sleep command to demonstrate the vulnerability.

Remediation

No specific remediation is known for this vulnerability.

Added: Aug 1, 2025, 2:17 AM

Updated: Aug 1, 2025, 2:17 AM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

9.7

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

9.7

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PHPGurukul Boat Booking System SQL Injection Vulnerability in Add Boat Admin File

Vulnerability

Impact

Reproduction

Remediation

Affected Products

PHPGurukul Boat Booking System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating