CVE-2024-6279

Name of the Vulnerable Software and Affected Versions: lahirudanushka School Management System versions 1.0.0 through 1.0.1

Description: A critical issue was found in the Exam Results Page component, specifically in the file examresults-par.php. The manipulation of the sid argument leads to SQL injection. This issue can be exploited remotely.

Recommendations: For lahirudanushka School Management System versions 1.0.0 through 1.0.1, consider restricting access to the Exam Results Page or the examresults-par.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the sid argument in the affected component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.