Saphplesson · Saphplesson · CVE-2009-3321
**Name of the Vulnerable Software and Affected Versions**
SaphpLesson version 4.3
**Description**
The issue allows remote attackers to execute arbitrary SQL commands when the `magic_quotes_gpc` setting is disabled. This can be achieved via the `CLIENT_IP` HTTP header.
**Recommendations**
For SaphpLesson version 4.3, consider enabling the `magic_quotes_gpc` setting to prevent SQL injection attacks. Additionally, as a temporary workaround, restrict access to the SQL database to minimize the risk of exploitation.
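
The sketch below is an added example, not SaphpLesson code. It shows a client-supplied IP header being treated as untrusted input, validated and then bound as a query parameter, so the result does not depend on `magic_quotes_gpc` (a setting PHP removed in 5.4). Assumptions: the header reaches PHP as `$_SERVER['HTTP_CLIENT_IP']`, the `pdo_sqlite` extension is available, and the `visits` table and function names are hypothetical.

```php
<?php
// Added example: hypothetical names, constructed sample data.

// Return the header value only if it is a syntactically valid IP address.
function client_ip_from_header(array $server): ?string
{
    // Assumption: the header arrives as HTTP_CLIENT_IP. The client controls it.
    $raw = trim($server['HTTP_CLIENT_IP'] ?? '');
    $ip  = filter_var($raw, FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

// Store the address with a bound parameter; the value is never spliced into SQL.
function log_visit(PDO $db, string $ip): void
{
    $stmt = $db->prepare('INSERT INTO visits (ip) VALUES (:ip)');
    $stmt->execute([':ip' => $ip]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (ip TEXT NOT NULL)');

// Constructed sample requests: valid header, quote-bearing header, no header.
$requests = [
    ['HTTP_CLIENT_IP' => '203.0.113.7',   'REMOTE_ADDR' => '198.51.100.2'],
    ['HTTP_CLIENT_IP' => "203.0.113.7'x", 'REMOTE_ADDR' => '198.51.100.3'],
    ['REMOTE_ADDR' => '198.51.100.9'],
];

foreach ($requests as $server) {
    $ip = client_ip_from_header($server);
    if ($ip === null) {
        // Header missing or malformed: use the socket address set by the server.
        $ip = $server['REMOTE_ADDR'];
    }
    log_visit($db, $ip);
}

// Only well-formed addresses were stored.
foreach ($db->query('SELECT ip FROM visits') as $row) {
    echo $row['ip'], "\n";
}
```

Validation and parameter binding are independent layers: binding alone keeps a quote-bearing value from altering the statement, and validation keeps malformed addresses out of stored data.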