CVE-2024-33406

Name of the Vulnerable Software and Affected Versions campcodes Complete Web-Based School Management System version 1.0

Description The issue allows an attacker to execute arbitrary SQL commands via the index parameter in the /model/delete student grade subject.php API endpoint. This can potentially lead to unauthorized data access or modification.

Recommendations For campcodes Complete Web-Based School Management System version 1.0, consider restricting access to the /model/delete student grade subject.php API endpoint until a patch is available. As a temporary workaround, avoid using the index parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.