Yashpokharna2555 · Student Management System · CVE-2026-9470
**Name of the Vulnerable Software and Affected Versions**
yashpokharna2555 StudentManagementSystem (affected versions not specified)
**Description**
A SQL injection issue exists in the `confirm logged in()` function within the student trans.php file. This flaw allows a remote attacker to manipulate the `FIRST NAME`, `Last Name`, or `EMAIL` arguments to execute arbitrary SQL commands. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to view, modify, or delete data from the database.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, restrict access to the `confirm logged in()` function in the student trans.php file to minimize the risk of exploitation.
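
Until a fix is published, the durable mitigation for this class of flaw is to validate the three fields and pass them to the database as bound parameters. The sketch below is an added example, not code from the StudentManagementSystem project; the `students` table, its column names, the `add_student()` helper and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the application's database.
// With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE students (
    id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT, email TEXT)');

/**
 * Hypothetical helper: validate first name, last name and email,
 * then insert them with bound parameters instead of string concatenation.
 */
function add_student(PDO $pdo, string $first, string $last, string $email): int
{
    $first = trim($first);
    $last  = trim($last);
    foreach ([$first, $last] as $name) {
        if ($name === '' || strlen($name) > 100) {
            throw new InvalidArgumentException('invalid name');
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    // Placeholders keep the SQL text fixed; the values travel separately
    // and are never parsed as SQL.
    $stmt = $pdo->prepare(
        'INSERT INTO students (first_name, last_name, email)
         VALUES (:first, :last, :email)'
    );
    $stmt->execute([':first' => $first, ':last' => $last, ':email' => $email]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input: a name containing quote and comment characters.
$lastName = "O'Brien'); --";
$id = add_student($pdo, 'Anne', $lastName, 'anne@example.com');

$check = $pdo->prepare('SELECT last_name FROM students WHERE id = :id');
$check->execute([':id' => $id]);
$stored = $check->fetchColumn();
$count  = (int) $pdo->query('SELECT COUNT(*) FROM students')->fetchColumn();

// The value is stored as data, character for character, and the table is intact.
var_dump($stored === $lastName, $count);
```

Validation rejects malformed input early, but the bound parameters are what remove the injection path; validation alone is not a substitute.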