Buerchen

**Name of the Vulnerable Software and Affected Versions** raisulislamg4 student management system by php versions prior to 310d950e09013d5133c6b9210aff9444382d16d1 **Description** A remote SQL injection can occur due to a flaw in an unknown function within the 'delete.php' file. This issue is triggered by manipulating the `user id`, `course id`, `teacher id`, `student id`, or `application id` arguments. SQL injection is a technique where an attacker inserts malicious SQL code into a query, allowing them to interfere with the database. **Recommendations** Update to a version later than 310d950e09013d5133c6b9210aff9444382d16d1. As a temporary workaround, restrict access to the 'delete.php' file or avoid using the `user id`, `course id`, `teacher id`, `student id`, and `application id` parameters until a fix is applied.