vendor:
School ERP Pro
by:
Besim ALTINOK
N/A
CVSS
HIGH
SQL Injection
89
CWE
Product Name: School ERP Pro
Affected Version From: Not specified
Affected Version To: Not specified
Patch Exists: NO
Related CWE:
CPE: a:arox:school_erp_pro:1.0
Platforms Tested: Xampp
2020
School ERP Pro 1.0 – ‘es_messagesid’ SQL Injection
The 'es_messagesid' parameter in the School ERP Pro 1.0 is vulnerable to SQL injection. An attacker can manipulate the parameter to inject malicious SQL code, potentially allowing unauthorized access to the database.
Mitigation:
The vendor should sanitize and validate user input to prevent SQL injection attacks. Users are advised to update to the latest version of the software.