1. Vulnerability Overview:

2. Description:

A SQL injection vulnerability has been discovered in the login page of version 1.0.1 of https://github.com/lahirudanushka/School-Management-System---PHP-MySQL. The issue lets unauthenticated users access the admin panel because the login input is not sanitized.

Root Cause

An Authorisation Bypass vulnerability was found in the "login.php" file of the "School-Management-System---PHP-MySQL" project. The "email" parameter is used without sanitization, so an attacker can inject SQL through it and log in to another person's account without the credentials being verified. By constructing suitable input values, the attacker can therefore take over other users' accounts and perform unauthorized operations.
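The following PHP is an added illustration of the defect class described above and its fix; it is not code from the School-Management-System project. It contrasts a hypothetical login routine that concatenates the "email" and password values into the SQL text (so the query structure can be altered by the input, and a matching row alone authenticates the user) with a hardened routine that uses a PDO prepared statement and verifies a stored password hash in PHP. The table and column names (`users`, `email`, `password_hash`, `role`) and the connection details are assumptions.

```php
<?php
// Added example, not the project's own login.php.
// Assumed schema: users(id, email, password_hash, role), where password_hash
// holds a value produced by password_hash().

// --- Vulnerable pattern (hypothetical): user input concatenated into SQL ---
function login_vulnerable(PDO $pdo, string $email, string $password): ?array
{
    // Both values become part of the SQL text, so the WHERE clause can be
    // rewritten by the input, and the password is only compared inside the query.
    $sql = "SELECT id, role FROM users WHERE email = '$email' AND password = '$password'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Hardened pattern: parameterised query + password_verify() ---
function login_hardened(PDO $pdo, string $email, string $password): ?array
{
    // The SQL text is fixed; "email" travels to MySQL as a bound parameter and
    // cannot change the query structure, whatever characters it contains.
    $stmt = $pdo->prepare(
        'SELECT id, role, password_hash FROM users WHERE email = :email LIMIT 1'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify the password in PHP against the stored hash, so finding a row by
    // e-mail address is never enough on its own to authenticate.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);
    return $row; // e.g. ['id' => 7, 'role' => 'admin']
}

// Usage (connection details assumed): start the session only after a
// successful verification, and rotate the session id to prevent fixation.
$pdo = new PDO('mysql:host=localhost;dbname=school;charset=utf8mb4', 'app_user', 'app_pass', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepared statements
]);

session_start();
$user = login_hardened($pdo, $_POST['email'] ?? '', $_POST['password'] ?? '');
if ($user === null) {
    http_response_code(401);
    exit('Invalid credentials');
}
session_regenerate_id(true);
$_SESSION['user_id'] = $user['id'];
$_SESSION['role']    = $user['role'];
```

Disabling emulated prepares makes MySQL itself bind the parameter, and keeping the password check out of the SQL means that even a query returning an unexpected row cannot grant a session without a correct password.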


3. Steps to reproduce:

  1. Visit: Login (gearhostpreview.com)