A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.
https://www.exploit-db.com/exploits/50019
https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/