PHPGurukul Hospital Management System
cpe:2.3:a:phpgurukul:hospital_management_system:*:*:*:*:*:*:*
- 4.0
A critical SQL injection vulnerability has been identified in PHPGurukul Hospital Management System version 4.0. The issue arises in the manage-doctors.php file, where the 'id' parameter is improperly sanitized before being used in a SQL DELETE query. This flaw allows authenticated remote attackers to execute arbitrary SQL commands, potentially leading to unauthorized data manipulation or disclosure.
Exploitation of this vulnerability allows arbitrary SQL command execution, which could be used to manipulate the database, for example by deleting data, or to disclose sensitive information. In some cases, this type of vulnerability could lead to a complete system compromise.
To reproduce this vulnerability, log into the application as an administrator and navigate to the 'Manage Doctors' page. Intercept the request to delete a doctor using Burp Suite, and modify the 'id' parameter with a payload that includes a time-based blind SQL injection, such as one that uses the SQL 'SLEEP' function. Send the modified request, and observe the delayed response, which confirms the successful exploitation of the SQL injection vulnerability.
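For defenders, the request described above leaves a recognizable trace: a non-numeric 'id' value on manage-doctors.php, often paired with an unusually slow response. The following is an added example, not part of the original advisory or the project's code; it assumes the 'id' value travels in the query string and that the access log is in combined format with the request time in seconds appended as the last field. The sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines, not from a real server. Assumed layout:
# client, identity, user, [time], "request", status, bytes, request seconds.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2025:10:01:02 +0000] "GET /manage-doctors.php?id=7 HTTP/1.1" 200 5120 0.041
203.0.113.44 - - [12/Mar/2025:10:03:17 +0000] "GET /manage-doctors.php?id=7%20AND%20SLEEP(5) HTTP/1.1" 200 5120 5.012
203.0.113.44 - - [12/Mar/2025:10:04:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900 0.020
203.0.113.44 - - [12/Mar/2025:10:04:09 +0000] "GET /manage-doctors.php?id=7%27 HTTP/1.1" 200 5120 0.038
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ ([\d.]+)$'
)

def suspicious_requests(log_text, slow_seconds=3.0):
    """Flag manage-doctors.php requests whose id is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparsable line: skip rather than guess
        client, when, method, target, status, secs = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/manage-doctors.php"):
            continue
        # parse_qs percent-decodes values; keep blanks so "id=" is also flagged
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if re.fullmatch(r"[0-9]+", value):
                continue  # a record id should only ever be digits
            findings.append({
                "client": client, "time": when, "id": value,
                # a delayed response is what the time-based test relies on
                "slow": float(secs) >= slow_seconds,
            })
    return findings

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

If the application sends 'id' in a POST body instead, the same integer check has to run where the body is visible, such as a WAF or application-level log.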