Unknown · Krishanmuraiji Sms · CVE-2025-66947
**Name of the Vulnerable Software and Affected Versions**
krishanmuraiji SMS version 1.0
**Description**
A SQL injection issue exists in krishanmuraiji SMS version 1.0. The issue is located within the `/studentms/admin/edit-class-detail.php` file and is triggered through the `editid` GET parameter. An attacker can use SQL `SLEEP()` to cause controlled delays and extract database information. Exploitation could result in complete database compromise, particularly within the administrative module.
**Recommendations**
Apply a fix for krishanmuraiji SMS version 1.0 to address the SQL injection issue in the `/studentms/admin/edit-class-detail.php` file. As a temporary workaround, restrict access to the `/studentms/admin/edit-class-detail.php` file. Sanitize the `editid` GET parameter to prevent SQL injection attacks.
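
While the fix is pending, web server logs can be reviewed for requests to the affected file whose `editid` is not a plain integer. The following is an added example, not code from the advisory or the project; it assumes combined-format access logs and that a legitimate class id is a short decimal integer, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/studentms/admin/edit-class-detail.php"  # path named in the advisory
PARAM = "editid"                                        # parameter named in the advisory
# Assumption: a legitimate class id is a short positive decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Assumption: combined log format; group 1 = client address, group 2 = request target.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_editid(target):
    """Return decoded editid values in a request target that are not plain integers."""
    parts = urlsplit(target)
    if parts.path != TARGET_PATH:
        return []
    # keep_blank_values so an empty editid is reported instead of silently dropped;
    # parse_qs also returns every repeated editid, not only the first one.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not VALID_ID.fullmatch(v)]

def scan(lines):
    """Return a list of (client, decoded_value) for every flagged request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable request line
        for value in suspicious_editid(m.group(2)):
            hits.append((m.group(1), value))
    return hits

# Constructed sample log lines (documentation addresses, not from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /studentms/admin/edit-class-detail.php?editid=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2025:10:00:05 +0000] "GET /studentms/admin/edit-class-detail.php?editid=3%20AND%20SLEEP(5) HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2025:10:00:12 +0000] "GET /studentms/admin/edit-class-detail.php?editid=3&editid=x%27 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2025:10:00:20 +0000] "GET /studentms/admin/dashboard.php?editid=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} sent non-numeric {PARAM}: {value!r}")
```

The check compares the exact path string, so logs that record un-normalized paths (extra slashes, `./` segments, different case) need normalizing first. The same integer allowlist is the server-side validation the recommendation calls for.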