Kidaze · CourseSelectionSystem · CVE-2025-11089
**Name of the Vulnerable Software and Affected Versions**
kidaze CourseSelectionSystem versions prior to 42cd892b40a18d50bd4ed1905fa89f939173a464
**Description**
A flaw exists in kidaze CourseSelectionSystem that allows for SQL injection. The issue is caused by manipulation of the `cbranch` argument and can be exploited remotely via an unknown function in the file `/Profilers/PriProfile/COUNT3s4.php`. The exploit has been publicly disclosed.
**Recommendations**
Update to a version prior to 42cd892b40a18d50bd4ed1905fa89f939173a464.
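For triage on a deployed instance, the following added example (not code from the advisory or from the project) scans web server access logs for requests to the file named above whose `cbranch` value falls outside an allowlist. It assumes the parameter arrives in the query string, that logs use the common/combined format, and that legitimate branch values are short alphanumeric codes; none of this is stated in the advisory, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter named in the advisory.
VULN_PATH = "/Profilers/PriProfile/COUNT3s4.php"
PARAM = "cbranch"

# Assumption: legitimate branch values are short codes made of letters,
# digits, spaces, hyphens or underscores. Adjust to the deployment's data.
ALLOWED = re.compile(r"[A-Za-z0-9 _-]{1,32}")

# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return (client, value) pairs for requests to the advisory's path
    whose cbranch value falls outside the allowlist."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue  # not a parseable request entry
        url = urlsplit(m.group("target"))
        # Compare case-insensitively: some hosts serve paths that way.
        if url.path.lower() != VULN_PATH.lower():
            continue
        # parse_qs percent-decodes values; keep_blank_values keeps "cbranch=".
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not ALLOWED.fullmatch(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2025:10:00:00 +0000] "GET /Profilers/PriProfile/COUNT3s4.php?cbranch=CSE HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Oct/2025:10:00:05 +0000] "GET /Profilers/PriProfile/COUNT3s4.php?cbranch=CSE%27%20OR%201%3D1 HTTP/1.1" 200 9120',
    '192.0.2.10 - - [01/Oct/2025:10:00:09 +0000] "GET /index.php?cbranch=%27 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent out-of-policy {PARAM}={value!r}")
```

A hit only shows that an out-of-policy value was sent; whether it reached the database has to be confirmed from application or database logs.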