CVE-2023-1039

Name of the Vulnerable Software and Affected Versions Class and Exam Timetabling System version 1.0

Description The issue is related to the lack of protection against SQL query structure manipulation when handling the password parameter in the index3.php script of the Class and Exam Timetabling System. This can be exploited by a remote attacker to execute arbitrary SQL code. The manipulation of the password argument leads to SQL injection. The attack can be launched remotely.

Recommendations For Class and Exam Timetabling System version 1.0, consider disabling the password parameter handling in the /admin/index3.php file until a patch is available to prevent SQL injection attacks. Restrict access to the /admin/index3.php file to minimize the risk of exploitation. Avoid using the password parameter in the affected POST request until the issue is resolved.