PT-2024-37506 · Unknown · Lahirudanushka School Management System

Louay Khammassi · Published 2024-06-24 · Updated 2024-09-09 · CVE-2024-6278

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: lahirudanushka School Management System versions 1.0.0 through 1.0.1
Description: A critical issue has been found in the lahirudanushka School Management System, affecting an unknown functionality of the file subject.php of the component Subject Page. The manipulation of the update argument leads to SQL injection. The attack can be launched remotely.
Recommendations: For lahirudanushka School Management System versions 1.0.0 through 1.0.1, consider restricting access to the subject.php file of the Subject Page component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-6278

Affected Products: Lahirudanushka School Management System