Name of the Vulnerable Software and Affected Versions:

Diño Physics School Assistant version 2.3

Description:

A vulnerability has been discovered that impacts an unidentified code within the file /classes/Master.php?f=view item. Manipulating the argument `id` can result in SQL injection.

Recommendations:

For Diño Physics School Assistant version 2.3, as a temporary workaround, consider restricting access to the `/classes/Master.php?f=view item` endpoint until a patch is available. Avoid using the `id` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.