Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter.
The vulnerability exists in the /admin//search-result.php file, where the searchkey parameter passed by the user is not properly validated or filtered before being used in an SQL query. An attacker can inject malicious SQL code directly into this parameter, manipulating the logic of the query executed by the database server. The attack does not require authentication or user interaction, which significantly lowers the threshold for its execution.
An attacker can gain unauthorized access to the complete database contents (including user and administrator credentials), and depending on the database server configuration — also modify or delete data and potentially execute system commands.
Patches available from the vendor should be applied according to the references. As a temporary measure, it is recommended to restrict access to the administration panel exclusively to trusted IP addresses and implement WAF rules blocking typical SQL Injection patterns.
Phpgurukul User Registration & Login and User Management System version 3.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPhpgurukul User Registration \& Login And User Management System
APPPhpgurukul3.2
Related vulnerabilities
Session Hijacking w PHPGurukul User Management System V3.3
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin pane...
A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User...
A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and Use...
A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and ...