CVE-2023-1591

Name of the Vulnerable Software and Affected Versions SourceCodester Automatic Question Paper Generator System version 1.0

Description A critical vulnerability has been found in the SourceCodester Automatic Question Paper Generator System. This issue affects an unknown part of the file classes/Users.php?f=save ruser. The manipulation of the id and email arguments leads to SQL injection. It is possible to initiate the attack remotely.

Recommendations For version 1.0, consider disabling the save ruser function in the classes/Users.php file until a patch is available. Restrict access to the classes/Users.php?f=save ruser endpoint to minimize the risk of exploitation. Avoid using the id and email arguments in the affected endpoint until the issue is resolved.