A vulnerability classified as critical has been found in Diño Physics School Assistant 2.3. Affected is an unknown function of the file /classes/Master.php?f=save_category. The manipulation of the argument id leads to sql injection.
This vulnerability is traded as CVE-2024-35354. It is possible to launch the attack remotely. There is no exploit available.