Severity

Medium

Analysis Summary

PHPGurukul Directory Management System is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the index.php and searchdata.php scripts using the searchdata and username parameters, which could allow the attacker to view, add, modify or delete information in the back-end database.

Impact

• SQL injection
• Data Manipulation

Affected Vendors

PHPGurukul

Affected Products

PHPGurukul Directory Management System 1.0

Remediation

PHPGurukul is yet to provide a patch for the vulnerable product.