PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php.