E-learning Management System Vulnerable to SQL Injection

CVE-2024-54928

What is CVE-2024-54928?

The Kashipara E-learning Management System version 1.0 is susceptible to an SQL Injection vulnerability located in the '/admin/delete_teacher.php' endpoint. This flaw allows an attacker to manipulate SQL queries by injecting arbitrary SQL code, potentially leading to unauthorized data access or modifications. Exploiting this vulnerability can result in exposure of sensitive information or compromise of the underlying database, making it critical for users and administrators to apply appropriate security measures.

References