PT-2024-17865 · Unknown · 1000 Projects Attendance Tracking Management System

Hacker0Xone · Published 2024-12-29 · Updated 2024-12-29 · CVE-2024-13005

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

1000 Projects Attendance Tracking Management System version 1.0

Description

A critical issue was found in the 1000 Projects Attendance Tracking Management System. This issue affects the file /admin/attendance action.php and is related to the manipulation of the attendance id argument, which leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For version 1.0, consider disabling the /admin/attendance action.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the attendance id argument in the affected file to minimize the risk of exploitation.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-13005

Affected Products

1000 Projects Attendance Tracking Management System