Php Scripts Mall · Php Scripts Mall Schools Alert Management Script · CVE-2018-7477
**Name of the Vulnerable Software and Affected Versions**
PHP Scripts Mall School Management Script version 3.0.4
**Description**
The issue exists due to SQL Injection in the Username and Password fields. This can be exploited via the /parents/Parent module/parent login.php endpoint, specifically through the `username` and `password` variables.
**Recommendations**
For version 3.0.4, update the parent login.php file to properly sanitize the `username` and `password` variables to prevent SQL Injection attacks. As a temporary workaround, consider restricting access to the /parents/Parent module/parent login.php endpoint until a patch is available.