SQL Injection Vulnerability in Simple School Managment System 1.0
CVE-2024-25308
8.8HIGH
What is CVE-2024-25308?
The Simple School Management System version 1.0 by Code-projects is susceptible to SQL Injection attacks due to improper validation of user inputs. Specifically, an attacker can exploit the 'name' parameter located in the teacher_login.php file to inject malicious SQL code, potentially gaining unauthorized access to sensitive user data. This vulnerability emphasizes the need for robust input sanitization and secure coding practices to mitigate risks associated with database interactions.