SQL Injection Vulnerability in Student Attendance Management System by Rickxy
CVE-2023-41524

8.8HIGH

Key Information:

Vendor: Rickxy
Status: Student Attendance Management System
Vendor: CVE Published:; 7 August 2025

What is CVE-2023-41524?

A SQL injection vulnerability has been identified in version 1 of the Student Attendance Management System, allowing unauthorized access through manipulation of the username parameter in the index.php file. This flaw can potentially enable attackers to execute arbitrary SQL queries, leading to exposure of sensitive data and potential system compromise. It is crucial for users of this software to implement security measures to mitigate the risks associated with this vulnerability.

References

https://github.com/rickxy/Student-Attendance-Management-S...

https://gist.github.com/celbahraoui/b9437dbec7ab539531fe4...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2025
Vulnerability Reserved
Aug 30, 2023

CVE-2023-41524 Data

JSON