PT-2023-22524 · Unknown · Ningzichun Student Management System

Ningzichun · Published 2023-05-31 · Updated 2025-04-22 · CVE-2023-3007

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ningzichun Student Management System version 1.0

Description

A critical issue affects some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the sid argument leads to weak password recovery. The attack may be launched remotely.

Recommendations

For ningzichun Student Management System version 1.0, consider disabling the password recovery feature in the resetPassword.php file until a patch is available. Restrict access to the Password Reset Handler component to minimize the risk of exploitation. Avoid using the sid argument in the affected functionality until the issue is resolved.


Related identifiers

CVE-2023-3007

Affected products

Ningzichun Student Management System