CVE-2023-1468

Name of the Vulnerable Software and Affected Versions SourceCodester Student Study Center Desk Management System version 1.0

Description A critical vulnerability was found in the Report Handler component of the system. The issue affects an unknown functionality of the file "admin/?page=reports&date from=2023-02-17&date to=2023-03-17". The manipulation of the date from and date to arguments leads to SQL injection. The attack can be launched remotely.

Recommendations For SourceCodester Student Study Center Desk Management System version 1.0, consider disabling the Report Handler component or restricting access to the "admin/?page=reports" endpoint until a patch is available. Avoid using the date from and date to arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.