Ingenious School Management System SQL Injection Vulnerability

Ingenious School Management System is a web-based school management system. The system supports adding courses, posting grades and managing teachers. A SQL injection vulnerability exists in the /view/friendprofile.php file in Ingenious School Management System version 2.3.0. A remote attacker can...

CVE-2017-16561

/view/friendprofile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friendindex' parameter of a GET request...