SQL Injection Vulnerability in Kashipara E-learning Management System

CVE-2024-54923

What is CVE-2024-54923?

A security vulnerability identified in the Kashipara E-learning Management System version 1.0 enables attackers to exploit a SQL Injection flaw in the /admin/edit_teacher.php endpoint. By manipulating the department parameter, unauthorized users can execute arbitrary SQL commands. This could lead to unauthorized access to sensitive data stored in the database, putting both user information and system integrity at risk. Organizations using this version should assess their systems and apply appropriate security measures to mitigate the impact of this vulnerability.

References