CVE-2023-2823

Name of the Vulnerable Software and Affected Versions SourceCodester Class Scheduling System version 1.0

Description A critical issue was found in the SourceCodester Class Scheduling System, affecting an unknown functionality of the file /admin/edit subject.php, specifically the GET Parameter Handler component. The manipulation of the id argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For SourceCodester Class Scheduling System version 1.0, consider disabling the id argument in the /admin/edit subject.php file as a temporary workaround to prevent SQL injection attacks. Restrict access to the /admin/edit subject.php file to minimize the risk of exploitation. Avoid using the id argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.