Eva1

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Student Attendance System version 1.0 **Description** A critical vulnerability was found in the SourceCodester Simple Student Attendance System. This issue affects the file `ajax-api.php?action=save attendance`, where the manipulation of the `class id` argument leads to SQL injection. The exploit has been disclosed to the public. **Recommendations** For SourceCodester Simple Student Attendance System version 1.0, consider disabling the `ajax-api.php?action=save attendance` endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `class id` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.