CVE-2024-27709

Name of the Vulnerable Software and Affected Versions Eskooly Web Product version 3.0

Description The issue allows a remote attacker to execute arbitrary code via the searchby parameter of the "allstudents.php" component and the id parameter of the "requestmanager.php" component. This enables the attacker to inject SQL code, potentially leading to unauthorized data access or modification.

Recommendations For Eskooly Web Product version 3.0, consider disabling the searchby parameter in the "allstudents.php" component and the id parameter in the "requestmanager.php" component until a patch is available. Restrict access to these components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.