Cheni

**Name of the Vulnerable Software and Affected Versions** Kushan2k student-management-system versions up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a **Description** An issue exists in the Certificate Verification Endpoint within the `getStatus()` function of the `controllers/GradeController.php` file. A remote attacker can perform SQL injection, which is a technique used to manipulate database queries, by manipulating the `nic` argument. **Recommendations** For versions up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a, avoid using the `nic` argument in the affected endpoint until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.