CVE-2023-41504

Name of the Vulnerable Software and Affected Versions Student Enrollment In PHP version 1.0

Description The issue allows attackers to run arbitrary code via the Student Search function. This is a SQL Injection vulnerability, which means attackers can inject malicious SQL code to manipulate the database. The Student Search function is the vulnerable endpoint.

Recommendations For version 1.0, consider disabling the Student Search function until a patch is available to prevent exploitation. Restrict access to the database to minimize the risk of arbitrary code execution. Avoid using user-inputted data directly in SQL queries to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.