SQL Injection Vulnerability in PHPGurukul Pre-School Enrollment System

CVE-2024-54810

Summary

A SQL injection vulnerability has been identified within the PHPGurukul Pre-School Enrollment System Project version 1.0. This vulnerability resides in the password recovery functionality (/preschool/admin/password-recovery.php) and allows remote attackers to manipulate the 'mobileno' parameter, potentially enabling them to execute arbitrary code. Exploiting this weakness could lead to unauthorized access and data compromise, making it essential for users and administrators to secure their systems against such threats.

References