Checkgue

Name of the Vulnerable Software and Affected Versions: ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) versions 3.0.0 through 3.2.0 Description: The issue allows attackers to inject SQL through the "index.php" file, which can be exploited to bypass authentication. This is achieved by injecting malicious input into the `username` variable. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. Recommendations: For ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) versions 3.0.0 through 3.2.0, consider disabling the authentication mechanism that uses the `username` variable in the "index.php" file until a patch is available. Restrict access to the "index.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.