PHPGurukul User Registration & Login and User Management System
cpe:2.3:a:phpgurukul:user_registration_&_login_and_user_management_system:*:*:*:*:*:*:*
- 3.3
A SQL injection vulnerability exists in PHPGurukul User Registration & Login and User Management System version 3.3. The issue is located in the file '/admin/yesterday-reg-users.php', where manipulation of the 'id' parameter allows attackers to inject malicious SQL queries. The vulnerability can be exploited remotely, and a public exploit is available.
Exploitation of this vulnerability allows unauthorized access to the database, where attackers can leak, modify, or delete data. Additionally, it could lead to full system control and service disruption.
The vulnerability can be reproduced by sending a GET request to '/loginsystem/admin/yesterday-reg-users.php' with a crafted 'id' parameter that includes a SQL injection payload. The injection can be verified by using a time-based blind SQL injection technique, such as making the database wait for a few seconds before responding.
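The following is an added example, not code from the advisory or the vendor: it scans web server access logs for GET requests to the affected script whose 'id' value is not a plain integer or whose response was unusually slow, the two traces the reproduction described above would leave. The log layout (combined format with the request time in seconds as the last field), the 3-second threshold, and the premise that legitimate 'id' values are decimal integers are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_SUFFIX = "/admin/yesterday-reg-users.php"  # script named in the advisory
PARAM = "id"                                      # parameter named in the advisory
SLOW_SECONDS = 3.0  # assumed threshold for a suspiciously delayed response
# Assumed log layout: combined format, request time (seconds) as the last field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ .* (?P<rt>\d+\.\d+)$'
)

def classify(line):
    """Return a finding dict for a suspicious request to the script, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith(TARGET_SUFFIX):
        return None
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    reasons = []
    if len(values) > 1:
        reasons.append("repeated id parameter")
    # Assumption: a legitimate id is a short decimal integer.
    if any(not re.fullmatch(r"\d{1,10}", v) for v in values):
        reasons.append("non-numeric id")
    if float(m["rt"]) >= SLOW_SECONDS:
        reasons.append("slow response")
    return {"ip": m["ip"], "target": m["target"], "reasons": reasons} if reasons else None

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /loginsystem/admin/yesterday-reg-users.php?id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0" 0.041',
    '203.0.113.9 - - [01/Jan/2025:10:01:00 +0000] "GET /loginsystem/admin/yesterday-reg-users.php?id=12%27 HTTP/1.1" 200 0 "-" "curl/8.0" 0.050',
    '203.0.113.9 - - [01/Jan/2025:10:02:00 +0000] "GET /loginsystem/admin/yesterday-reg-users.php?id=1%20CONSTRUCTED_PLACEHOLDER HTTP/1.1" 200 0 "-" "curl/8.0" 5.210',
    '198.51.100.7 - - [01/Jan/2025:10:03:00 +0000] "GET /loginsystem/index.php?id=abc HTTP/1.1" 200 300 "-" "Mozilla/5.0" 6.000',
    '198.51.100.8 - - [01/Jan/2025:10:04:00 +0000] "GET /loginsystem/admin/yesterday-reg-users.php?id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0" 4.800',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A "slow response" finding on its own can also come from ordinary load, so it is worth triaging together with the non-numeric findings from the same source address.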
No specific remediation is known for this vulnerability.