CVE-2024-32406

Name of the Vulnerable Software and Affected Versions inducer relate versions prior to 2024.1

Description A Server-Side Template Injection (SSTI) issue allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. This enables the attacker to potentially gain unauthorized access and control over the system.

Recommendations For versions prior to 2024.1, update to version 2024.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Batch-Issue Exam Tickets function until a patch is available.