CVE-2024-1828

Name of the Vulnerable Software and Affected Versions code-projects Library System version 1.0

Description A critical issue has been found in the code-projects Library System, affecting an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the arguments email, idno, phone, or username can lead to SQL injection. This issue can be exploited remotely.

Recommendations For code-projects Library System version 1.0, as a temporary workaround, consider restricting access to the affected file Source/librarian/user/teacher/registration.php until a patch is available. Avoid using the arguments email, idno, phone, or username in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.