CVE-2023-39850

Name of the Vulnerable Software and Affected Versions Schoolmate version 1.3

Description The issue is related to multiple SQL injection vulnerabilities. These vulnerabilities can be exploited via the $courseid and $teacherid parameters at the DeleteFunctions.php file. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For Schoolmate version 1.3, consider disabling the DeleteFunctions.php file or restricting access to it until a patch is available. Avoid using the $courseid and $teacherid parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.