SQL Injection Vulnerability in Simple School Managment System 1.0
CVE-2024-25309
8.8HIGH
What is CVE-2024-25309?
The Simple School Management System version 1.0 by Code-projects contains a SQL Injection vulnerability in the 'pass' parameter located in the teacher login page (School/teacher_login.php). This flaw enables an attacker to execute arbitrary SQL commands, which could result in unauthorized access to sensitive data and potentially compromise the integrity of the database. Organizations utilizing this system should consider implementing immediate security measures to protect against such attacks.