CVE-2024-12490

Name of the Vulnerable Software and Affected Versions code-projects Online Class and Exam Scheduling System version 1.0

Description A critical issue has been found in the code-projects Online Class and Exam Scheduling System. This issue affects unknown code in the file /pages/teacher save.php. The manipulation of the salut argument leads to SQL injection. The attack can be initiated remotely. Other parameters might also be affected.

Recommendations For code-projects Online Class and Exam Scheduling System version 1.0, consider disabling the salut argument in the /pages/teacher save.php file as a temporary workaround until a patch is available. Restrict access to the /pages/teacher save.php file to minimize the risk of exploitation. Avoid using the salut argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.