CVE-2024-35354

Name of the Vulnerable Software and Affected Versions Diño Physics School Assistant version 2.3

Description A vulnerability has been discovered in the software, impacting an unidentified code within the file /classes/Master.php?f=save category. Manipulating the argument id can result in SQL injection.

Recommendations For Diño Physics School Assistant version 2.3, as a temporary workaround, consider restricting access to the /classes/Master.php?f=save category file to minimize the risk of exploitation. Avoid manipulating the id argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.