CVE-2022-2490

Name of the Vulnerable Software and Affected Versions SourceCodester Simple E-Learning System version 1.0

Description A critical vulnerability has been found in the SourceCodester Simple E-Learning System. The issue is related to an unknown function of the file search.php. The manipulation of the classCode argument with a specific input leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations As a temporary workaround, consider restricting access to the search.php file until a patch is available. Avoid using the classCode argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.