Key Information Affected Product Product Name: Directory Management System Vendor Homepage: https://phpgurukul.com/directory-management-system-using-php-and-mysql/ Affected or Fixed Versions Submitter: scales Vulnerable File: /admin/forget-password.php Version: V2.0 Software Link: https://phpgurukul.com/sdm_process_download=1&download_id=9346 Vulnerability Type Type: SQL Injection Root Cause A SQL injection vulnerability was identified in the file of the "Directory Management System" project. The root cause is that attackers can inject malicious code via the "email" parameter, which is directly embedded into SQL queries without proper sanitization or validation. Impact Exploiting this SQL injection vulnerability allows attackers to access the database without authorization, leading to sensitive data leakage, data tampering, full system control, and potential service disruption. Description During a security assessment of the "Directory Management System", a critical SQL injection vulnerability was detected in the file. This vulnerability is due to insufficient validation of user input for the "email" parameter. Vulnerability Details and POC Vulnerable Parameter: "email" Payload: Vulnerability Request Packet: Contains detailed HTTP POST request information demonstrating how to exploit the vulnerability. Recommended Remediation 1. Use prepared statements with parameter binding. 2. Implement input validation and filtering. 3. Minimize database user privileges.