Nhattruong.Blog

Name of the Vulnerable Software and Affected Versions: Teachers Record Management System version 1.0 Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the `editid` GET parameter in "edit-subjects-detail.php" or "edit-teacher-detail.php", or the `searchdata` POST parameter in "search.php". Recommendations: For Teachers Record Management System version 1.0, consider disabling the `editid` and `searchdata` parameters in the affected files until a patch is available. Restrict access to "edit-subjects-detail.php", "edit-teacher-detail.php", and "search.php" to minimize the risk of exploitation. Avoid using the `editid` and `searchdata` parameters in the respective API endpoints until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Teachers Record Management System version 1.0 Description: A stored cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via the `email` parameter in the "adminprofile.php" endpoint. This could potentially lead to malicious actions being executed on the system. Recommendations: For Teachers Record Management System version 1.0, consider restricting access to the `adminprofile.php` endpoint until a fix is available, and avoid using the `email` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.