CVE-2024-33404

Name of the Vulnerable Software and Affected Versions campcodes Complete Web-Based School Management System version 1.0

Description A SQL injection issue in the /model/add student first payment.php file allows an attacker to execute arbitrary SQL commands via the index parameter. This could potentially lead to unauthorized data access or modification.

Recommendations For campcodes Complete Web-Based School Management System version 1.0, consider restricting access to the /model/add student first payment.php file until a patch is available. As a temporary workaround, avoid using the index parameter in the affected API endpoint to minimize the risk of exploitation.