CVE-2024-10425

Name of the Vulnerable Software and Affected Versions Project Worlds Student Project Allocation System version 1.0

Description A critical issue was found in the Project Selection Page component, specifically in the file /student/project selection/move up project.php. The manipulation of the up argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For Project Worlds Student Project Allocation System version 1.0, consider restricting access to the /student/project selection/move up project.php file until a patch is available. As a temporary workaround, avoid using the up argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.