CVE-2023-41522 - SQL Injection in Student Attendance Management System v1

Description

Student Attendance Management System v1 contains multiple SQL injection vulnerabilities in the createStudents.php file. Specifically, the , , and parameters are improperly sanitized before being included in SQL queries, allowing remote attackers to execute arbitrary SQL commands.

Vulnerability Type

SQL Injection

Affected Product

Product Name: Student Attendance Management System
Version: v1
Component: createStudents.php
Vendor: GitHub Repository: https://github.com/rickxy/Student-Attendance-Management-System

Attack Details

Attack Type: Remote
Attack Vectors: Parameters , , and
Impact:
- Code Execution
- Information Disclosure

References

https://github.com/rickxy/Student-Attendance-Management-System

Discoverer

Chaima EL BAHRAOUI
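
The class of fix for the flaw described above, as an added example that is not taken from the project's code: a concatenated INSERT beside a prepared statement, run against an in-memory SQLite database through PDO. The table, the field names first_name, last_name and admission_no, and the validation limits are assumptions; the advisory's own parameter names are not reproduced here.

```php
<?php
// Added example: hypothetical table and field names, not the project's schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE students (first_name TEXT, last_name TEXT, admission_no TEXT)');

// Weak pattern: request values are concatenated into the SQL text,
// so a quote character in the data changes the statement's structure.
function createStudentConcatenated(PDO $pdo, array $in): void
{
    $sql = "INSERT INTO students (first_name, last_name, admission_no) VALUES ('"
         . $in['first_name'] . "', '" . $in['last_name'] . "', '" . $in['admission_no'] . "')";
    $pdo->exec($sql);
}

// Corrected pattern: validate the shape of each field, then bind values as parameters.
function createStudentPrepared(PDO $pdo, array $in): void
{
    foreach (['first_name', 'last_name', 'admission_no'] as $field) {
        if (!isset($in[$field]) || !is_string($in[$field])
            || $in[$field] === '' || strlen($in[$field]) > 100) {
            throw new InvalidArgumentException("invalid $field");
        }
    }
    // Assumed format for the identifier field: letters, digits, slash, hyphen.
    if (!preg_match('/^[A-Za-z0-9\/-]+$/', $in['admission_no'])) {
        throw new InvalidArgumentException('invalid admission_no');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO students (first_name, last_name, admission_no) VALUES (:first, :last, :adm)'
    );
    $stmt->execute([
        ':first' => $in['first_name'],
        ':last'  => $in['last_name'],
        ':adm'   => $in['admission_no'],
    ]);
}

// Constructed sample input containing a quote character.
$sample = ['first_name' => 'Aoife', 'last_name' => "O'Brien", 'admission_no' => 'ADM-001'];

try {
    createStudentConcatenated($pdo, $sample);
} catch (PDOException $e) {
    echo "concatenated query failed: data was parsed as SQL\n";
}

createStudentPrepared($pdo, $sample);
$row = $pdo->query('SELECT last_name FROM students')->fetch(PDO::FETCH_ASSOC);
echo "stored verbatim: {$row['last_name']}\n";
```

The bound parameters are sent to the database separately from the statement text, so the quote in the sample surname is stored as data rather than parsed as SQL.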