CVE-2024-6274

Name of the Vulnerable Software and Affected Versions: lahirudanushka School Management System versions 1.0.0 through 1.0.1

Description: A critical issue has been found in the Attendance Report Page component, specifically affecting the /attendancelist.php file. The manipulation of the aid argument leads to SQL injection, allowing for remote attacks. The exploit has been publicly disclosed.

Recommendations: For lahirudanushka School Management System versions 1.0.0 through 1.0.1, consider restricting access to the /attendancelist.php file until a patch is available. As a temporary workaround, avoid using the aid argument in the affected Attendance Report Page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.