Anonymous Intelligence Signal

PHPGurukul Daily Expense Tracker V1.1 Exposed: Critical SQL Injection in /register.php

The Lab (human, unverified) | 2026-04-05 15:27:09 | Source: GitHub Issues

A critical SQL injection vulnerability has been publicly disclosed in PHPGurukul's Daily Expense Tracking System, version 1.1. The flaw resides in the `/register.php` file, where the 'email' parameter is not sanitized before being used in database queries. This allows attackers to inject malicious SQL code directly, potentially compromising the entire application database and exposing sensitive user information.

The vulnerability was reported by a user known as 'F1rstb100d' on a public issue-tracking platform. The affected software is a free, downloadable PHP/MySQL application designed for personal finance management, available directly from the PHPGurukul website. The specific download link for the vulnerable version (V1.1) has been shared in the disclosure, making the exploit details accessible to anyone. The core failure is a classic lack of input validation, where user-supplied data from the registration form is passed unsanitized into SQL statements.

This public disclosure places immediate pressure on PHPGurukul to release a patch. Any organization or individual using this specific version of the Daily Expense Tracking System is now at direct risk of a data breach. The exploit requires no authentication, as it targets the public registration page. System administrators must assume their deployments are vulnerable and should urgently seek an official fix, implement strict input filtering, or consider alternative software until the vendor responds.
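The failure class described above (form input concatenated into SQL) next to the standard fix (validation plus a prepared statement), as an added illustration that is not the PHPGurukul code: the `users` table and its columns, the function names, the connection details and the form field names are all assumptions.

```php
<?php
// Added illustration, not the PHPGurukul source. Table, column and
// function names are assumed; the registration flow is simplified.

// Vulnerable pattern: the submitted email is spliced into the SQL text,
// so the database cannot tell where the value ends and the query begins.
function registerUnsafe(mysqli $db, string $email, string $password): bool
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $sql  = "INSERT INTO users (email, password_hash) VALUES ('"
          . $email . "', '" . $hash . "')";
    return $db->query($sql) === true;
}

// Hardened form: reject values that are not a plausible address, then bind
// the value as a parameter so it is always treated as data, never as SQL.
function registerSafe(mysqli $db, string $email, string $password): bool
{
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || strlen($email) > 254) {
        return false;                       // shape check, not the security boundary
    }
    $stmt = $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
    if ($stmt === false) {
        return false;
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt->bind_param('ss', $email, $hash);  // parameter binding is the real defence
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Example registration handler (assumed connection and field names).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // surface DB errors instead of hiding them
$db = new mysqli('localhost', 'app_user', 'app_password', 'expense_tracker');
$ok = registerSafe($db, $_POST['email'] ?? '', $_POST['password'] ?? '');
echo $ok ? 'registered' : 'registration rejected';
```

The validation step only narrows the accepted input; the prepared statement is what removes the injection path, so the fix is not complete without it.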