Seventeenss

**Name of the Vulnerable Software and Affected Versions** OUSL-GROUP-BrinaryBrains School Student Management System versions prior to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 **Description** An issue exists in the Forgot Password Endpoint within the `ajax forgot password()` function of the `application/controllers/Login.php` file. Manipulation of the `email` argument allows for weak password recovery. This flaw can be exploited remotely, although it is characterized by high complexity and difficult exploitation. **Recommendations** Update to a version later than 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. As a temporary workaround, restrict access to the `ajax forgot password()` function in the `application/controllers/Login.php` file to minimize the risk of exploitation.