Security Advisory
CVE-2021-28423
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the editid GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the searchdata POST parameter in search.php.