CVE-2024-27709 Information

Description

SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component.

Reference

https://blog.be-hacktive.com/eskooly-cve/cve-2024-27709-sql-injection-in-eskooly-web-product-v.3.0