CVE-2024-33967

Name of the Vulnerable Software and Affected Versions PayPal, Credit Card and Debit Card Payment version 1.0

Description A SQL injection issue affects the payment system, allowing an attacker to send a specially crafted query to the server. This could enable the retrieval of all stored information through the view in Attendance and YearLevel in the /AttendanceMonitoring/report/attendance print.php parameter.

Recommendations For version 1.0, consider disabling the /AttendanceMonitoring/report/attendance print.php endpoint until a patch is available to prevent exploitation. Restrict access to the view in Attendance and YearLevel parameters to minimize the risk of information retrieval. At the moment, there is no information about a newer version that contains a fix for this vulnerability.