Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records.
https://www.themissinglink.com.au/security-advisories/cve-2024-28094