Shang

**Name of the Vulnerable Software and Affected Versions** kidaze CourseSelectionSystem versions prior to 42cd892b40a18d50bd4ed1905fa89f939173a464 **Description** A vulnerability exists in kidaze CourseSelectionSystem. The issue involves SQL injection caused by manipulation of the `cname` argument in the file `/Profilers/PriProfile/COUNT2.php`. The attack can be initiated remotely. The product uses a rolling release model, and specific version information for affected or updated releases is not available. **Recommendations** Versions prior to 42cd892b40a18d50bd4ed1905fa89f939173a464: Restrict or disable access to the `/Profilers/PriProfile/COUNT2.php` file. Versions prior to 42cd892b40a18d50bd4ed1905fa89f939173a464: Sanitize the `cname` argument to prevent SQL injection.