| Title | PHPGurukul Student Result Management System V2.0 SQL Injection |
|---|---|
| Description | A critical unauthenticated SQL Injection vulnerability exists in Student Result Management System v2.0 by PHPGurukul. The vulnerable file `notice-details.php` uses the `nid` GET parameter in an unsanitized SQL query, which allows attackers to inject arbitrary SQL via both time-based and UNION-based injection methods. This can lead to full database compromise, including extraction of administrator credentials. |
| Source | ⚠️ https://github.com/4m3rr0r/Student-Result-Management-System/ |
| User | 4m3rr0r (UID 85795) |
| Submission | 07/09/2025 23:25 (11 months ago) |
| Moderation | 07/12/2025 13:32 (3 days later) |
| Status | Accepted |
| VulDB entry | 316230 [PHPGurukul Student Result Management System 2.0 GET Parameter /notice-details.php nid sql injection] |
| Points | 20 |