A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of…

A SQL injection vulnerability has been discovered in the Cyber-III Student-Management-System affecting the /login.php file's Parameter Handler component. The vulnerability allows remote attackers to manipulate the Password argument to perform SQL injection attacks. The exploit has been publicly disclosed and can be actively used. The affected system uses rolling releases, making version tracking difficult. The project maintainers have been notified through an issue report but have not yet responded to address the vulnerability.