PHPGurukul Online Course Registration System
cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*
- <= 3.1
A SQL injection vulnerability has been identified in PHPGurukul Online Course Registration System versions prior to 3.1. The issue resides in the file '/onlinecourse/admin/manage-students.php', where the 'cid' POST parameter is passed into SQL queries without validation. The vulnerability can be exploited remotely, allowing attackers to inject SQL commands and potentially access or modify database information.
Successful exploitation lets an attacker manipulate database queries to extract, modify, or delete database information. This could lead to unauthorized access to sensitive data, such as user information or application credentials, and in some cases could allow further exploitation of the application or underlying server.
To reproduce this vulnerability, log into the application as a student and navigate to the course enrollment page. From there, send a crafted POST request to 'check_availability.php' that includes a 'cid' parameter carrying a SQL payload, such as '1' UNION SELECT password FROM admin--'. The injection can be automated with a tool like SQLMap, targeting the 'check_availability.php' endpoint and using the 'cid' parameter to extract database information.
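The page does not show the affected source, so the following is an added example (not PHPGurukul's code) of the fix pattern for a 'cid' POST parameter: integer validation followed by a bound query parameter. The `course` table, its columns and the function name `seatsForCourse` are hypothetical, and an in-memory SQLite database stands in for the application's MySQL backend so the script runs offline.

```php
<?php
// Added example, not PHPGurukul's code. Table, columns and function name are
// hypothetical. SQLite in memory stands in for the application's MySQL
// database; the prepared-statement pattern is the same with MySQL.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE course (id INTEGER PRIMARY KEY, name TEXT, seats INTEGER)');
$db->exec("INSERT INTO course (id, name, seats) VALUES (1, 'Constructed Course A', 30)");

// Vulnerable pattern: request input concatenated into the SQL text.
//   $sql = "SELECT seats FROM course WHERE id = '" . $_POST['cid'] . "'";

/**
 * Hardened lookup: reject anything that is not a positive integer, then bind
 * the value as a typed parameter so it is never parsed as SQL.
 * Returns the seat count, or null when the id is invalid or unknown.
 */
function seatsForCourse(PDO $db, $rawCid): ?int
{
    $cid = filter_var($rawCid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cid === false) {
        return null; // invalid input never reaches the database
    }
    $stmt = $db->prepare('SELECT seats FROM course WHERE id = :cid');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    $seats = $stmt->fetchColumn();
    return $seats === false ? null : (int) $seats;
}

// Constructed inputs: a valid id, the payload quoted on this page,
// an empty value, and an id with no matching row.
$samples = ['1', "1' UNION SELECT password FROM admin--", '', '999'];
foreach ($samples as $cid) {
    $result = seatsForCourse($db, $cid);
    printf("%-45s => %s\n", var_export($cid, true), var_export($result, true));
}
```

Only the first sample returns a seat count; the quoted payload and the empty value are rejected before any query runs, and the unknown id returns null from the bound query.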