Unknown · Class/Exam Timetabling System · CVE-2023-1039
**Name of the Vulnerable Software and Affected Versions**
Class and Exam Timetabling System version 1.0
**Description**
The issue is a lack of protection against SQL query structure manipulation when handling the `password` parameter in the index3.php script of the Class and Exam Timetabling System. Because the parameter's value is not kept separate from the SQL query text, manipulating the `password` argument leads to SQL injection, which a remote attacker can use to execute arbitrary SQL code.
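The bug class named above, shown as an added example that is not code from the Class and Exam Timetabling System: a login check that splices the `password` value into the query text beside the hardened form that uses bound parameters. The `admins` table and its columns are assumed; the data is constructed.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the application's admin table
    # (hypothetical schema; the advisory does not show the real one).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admins VALUES ('admin', 'S3cret!pw')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Mirrors the advisory's defect: the user-supplied password is spliced
    # into the SQL text, so a quote in it changes the query's structure.
    sql = ("SELECT COUNT(*) FROM admins WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_fixed(conn, username, password):
    # Hardened form: placeholders keep the query structure fixed and the
    # driver passes the values separately, so a quote is only data.
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    # Constructed input containing a quote and a tautology; it rewrites the
    # WHERE clause of the vulnerable query but is inert in the fixed one.
    crafted = "x' OR '1'='1"
    print("vulnerable:", login_vulnerable(db, "admin", crafted))  # True
    print("fixed:     ", login_fixed(db, "admin", crafted))       # False
```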
**Recommendations**
For Class and Exam Timetabling System version 1.0, until a patch is available, consider disabling handling of the `password` parameter in the /admin/index3.php file to prevent SQL injection attacks, and restrict access to /admin/index3.php to minimize the risk of exploitation. Avoid using the `password` parameter in the affected POST request until the issue is resolved.