PHPGurukul Hospital Management System
cpe:2.3:a:phpgurukul:hospital_management_system:*:*:*:*:*:*:*
- 4.0
A SQL injection vulnerability has been identified in PHPGurukul Hospital Management System version 4.0, specifically within the user management module located at '/admin/manage-users.php'. The vulnerability arises because the application does not properly validate the 'id' parameter received via the URL. This lack of input sanitization allows remote attackers to manipulate the SQL query executed by the application, potentially leading to unauthorized data deletion or disclosure of sensitive information.
Exploitation of this vulnerability allows for arbitrary SQL command execution, with the potential to delete data or extract sensitive information from the database. The vulnerability could also be exploited to bypass authentication and gain unauthorized access to the application.
To reproduce this vulnerability, log into the admin dashboard and navigate to 'Users -> Manage Users'. Once there, send a request to 'manage-users.php' with a crafted 'id' parameter that includes SQL injection payloads, such as time-based blind injection techniques. The server's response time will increase, indicating that the injected SQL command was executed. This vulnerability can also be exploited using tools like SQLMap.
It is recommended to use prepared statements for SQL queries to prevent injection attacks. Additionally, input validation should be implemented to ensure that only expected data is processed. For example, the 'id' parameter should be cast to an integer before use.
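The recommendation above as an added example (not code from PHPGurukul Hospital Management System): a handler that validates the 'id' parameter and then passes it to a prepared statement. The function name, the 'users' table and its columns are assumptions, and an in-memory SQLite database with constructed rows stands in for the application's database.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the example runs offline (requires pdo_sqlite).
// Table and column names are assumptions, not the application's real schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, fullName TEXT)');
$db->exec("INSERT INTO users (id, fullName) VALUES (1, 'Alice'), (2, 'Bob'), (3, 'Carol')");

/**
 * Hypothetical handler for a request carrying an 'id' parameter.
 * Returns the number of rows deleted, or null when the input is rejected.
 */
function deleteUserById(PDO $db, mixed $rawId): ?int
{
    // Validation: accept only a whole positive integer. Unlike a bare (int) cast,
    // which would turn "2 OR 1=1" into 2, filter_var() rejects the value outright.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Prepared statement: the id travels as a bound integer parameter and is
    // never concatenated into the SQL text.
    $stmt = $db->prepare('DELETE FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed inputs standing in for $_GET['id'].
$inputs = ['2', '2 OR 1=1', "3'", '', '99', ['1']];
foreach ($inputs as $raw) {
    $result = deleteUserById($db, $raw);
    $label = json_encode($raw);
    if ($result === null) {
        echo "$label rejected, no query executed\n";
    } else {
        echo "$label accepted, rows deleted: $result\n";
    }
}

// Show which rows are left after all inputs were processed.
$remaining = $db->query('SELECT id FROM users ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
echo 'remaining ids: ' . implode(',', $remaining) . "\n";
```

With mysqli instead of PDO, the same two steps apply: validate first, then use prepare() and bind_param() with an integer type.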