CVE-2022-32378

Name of the Vulnerable Software and Affected Versions itsourcecode Advanced School Management System version 1.0

Description The issue concerns SQL Injection, which can be exploited via the "/school/model/get teacher profile.php" API endpoint, specifically through the my index variable. This allows for potential unauthorized access to sensitive data.

Recommendations For itsourcecode Advanced School Management System version 1.0, consider restricting access to the "/school/model/get teacher profile.php" API endpoint until a patch is available. As a temporary workaround, avoid using the my index variable in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.