PHPGurukul Hospital Management System
cpe:2.3:a:phpgurukul:hospital_management_system:*:*:*:*:*:*:*
- 4.0
A critical SQL injection vulnerability has been identified in PHPGurukul Hospital Management System version 4.0. The issue resides in the file '/admin/edit-doctor.php', specifically within the 'docfees' parameter. This vulnerability allows remote attackers to inject malicious SQL queries, potentially leading to unauthorized database access, data manipulation, and leakage of sensitive information. The vulnerability arises from inadequate input validation, enabling attackers to exploit the application by crafting specific input that is not properly sanitized before being used in SQL queries.
Exploitation of this vulnerability allows attackers to perform time-based blind SQL injection, manipulating SQL queries to access, modify, or delete database information. This could include unauthorized access to sensitive data or disruption of normal application operations.
The vulnerability can be reproduced by sending a POST request to '/admin/edit-doctor.php' with an injected payload in the 'docfees' parameter. The payload should be crafted to exploit the SQL injection vulnerability, such as by using a time-based blind injection technique that leverages SQL commands like 'SLEEP' to demonstrate the injection's effectiveness.
It is recommended to implement prepared statements and parameter binding to prevent SQL injection vulnerabilities. Additionally, input validation and filtering should be applied to ensure that user input meets expected formats and does not contain malicious content. Minimizing database user permissions can also help reduce the impact of potential SQL injection attacks.
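The recommendations above, sketched as an added example (this is not PHPGurukul's code, and no source from the project appears on this page). The table and column names (doctors, docFees, id), the `id` query parameter and the DB_* environment variables are assumptions made for illustration.

```php
<?php
// Added example. Table/column names (doctors, docFees, id), the `id` query
// parameter and the DB_* environment variables are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Allow-list validation: a fee is a non-negative decimal, nothing else.
function validate_fee($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $raw = trim($raw);
    return preg_match('/^\d{1,7}(\.\d{1,2})?$/D', $raw) === 1 ? $raw : null;
}

function update_doctor_fee(mysqli $db, int $doctorId, string $fee): void
{
    // Unsafe pattern of the kind the advisory describes (illustrative only):
    //   $db->query("UPDATE doctors SET docFees='$fee' WHERE id='$doctorId'");
    // Hardened: the SQL text is fixed; values travel separately as bound parameters.
    $stmt = $db->prepare('UPDATE doctors SET docFees = ? WHERE id = ?');
    $stmt->bind_param('si', $fee, $doctorId);
    $stmt->execute();
    $stmt->close();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $fee = validate_fee($_POST['docfees'] ?? null);
    $doctorId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
    if ($fee === null || !is_int($doctorId) || $doctorId < 1) {
        http_response_code(400);
        exit('Invalid input');
    }
    // Connect as an account limited to the privileges this page needs
    // (for example SELECT/UPDATE on the one table), not a database admin.
    $db = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
    $db->set_charset('utf8mb4');
    update_doctor_fee($db, $doctorId, $fee);
    echo 'Doctor fee updated';
}
```

Validation rejects anything that is not a plain decimal before the database is touched, and the bound parameter keeps the value out of the SQL text even if the validation rule is later loosened.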