phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php.
The vulnerability results from insufficient validation and sanitization of input data passed to SQL queries in the check_availablity.php file (CWE-89). An attacker can inject arbitrary SQL code over the network without needing to have an account or user interaction. A network attack vector with low complexity (AC:L, PR:N, UI:N) means that the exploit is trivial to perform by anyone with access to the application.
An attacker can gain full access to the database (read, modify, delete data), which includes potential theft of user data, passwords and portal content, as well as the ability to take control of the application or database server.
Apply patches available from the manufacturer according to references. Until the fix is deployed, it is recommended to restrict access to the application and implement WAF (web application firewall) rules blocking SQL Injection attempts.
Phpgurukul News Portal Project version V4.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPhpgurukul News Portal
APPPhpgurukul4.1
Related vulnerabilities
Nieautoryzowany upload pliku dowolnego formatu w Phpgurukul News Portal
Arbitrary File Deletion w Phpgurukul News Portal V4.1 (remove_file.php)
A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this i...
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vuln...
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vuln...