CVE-2021-40596

Name of the Vulnerable Software and Affected Versions sourcecodester Online Learning System version v2

Description The issue allows attackers to execute arbitrary SQL commands via the faculty id parameter in the Login.php file. This enables attackers to manipulate the database, potentially leading to unauthorized access or data modification.

Recommendations For sourcecodester Online Learning System version v2, consider restricting access to the Login.php file until a patch is available, and avoid using the faculty id parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.