Daoyunxinshang

**Name of the Vulnerable Software and Affected Versions** Abdullah-Hasan-Sajjad Online-School versions prior to f09dda77b4c29aa083ff57f4b1eb991b98b68883 **Description** A flaw exists in Abdullah-Hasan-Sajjad Online-School. The issue is related to the manipulation of the `Email` argument in the `/studentLogin.php` file, which can lead to SQL injection. This allows for remote attacks. The product uses a rolling release strategy for continuous delivery. The vendor was contacted regarding this issue but did not respond. **Recommendations** Versions prior to f09dda77b4c29aa083ff57f4b1eb991b98b68883 should be updated. As a temporary workaround, consider restricting access to the `/studentLogin.php` file.