CVE-2024-6277

Name of the Vulnerable Software and Affected Versions: lahirudanushka School Management System versions 1.0.0 through 1.0.1

Description: A critical issue was found in the Student Page component of the lahirudanushka School Management System, specifically in the file student.php. The manipulation of the update argument leads to SQL injection. This issue can be exploited remotely.

Recommendations: For lahirudanushka School Management System versions 1.0.0 through 1.0.1, as a temporary workaround, consider restricting access to the student.php file until a patch is available. Avoid using the update argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.