CVE-2024-54921

Name of the Vulnerable Software and Affected Versions Kashipara E-learning Management System version 1.0

Description A SQL Injection issue was discovered in the /student signup.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized database access. The username, firstname, lastname, and class id parameters are vulnerable to this issue.

Recommendations For Kashipara E-learning Management System version 1.0, consider temporarily restricting access to the /student signup.php file until a patch is available. As a mitigation measure, avoid using the username, firstname, lastname, and class id parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.