Huayer

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Information Management System version 1.0 **Description** A vulnerability exists in itsourcecode Student Information Management System that allows for SQL injection. The issue affects an unknown part of the `/admin/login.php` file. Manipulation of the `uname` argument can lead to exploitation. The attack can be launched remotely, and the exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/login.php` file until a fix is available. Sanitize the `uname` argument to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Information Management System version 1.0 **Description** A SQL injection issue exists due to the manipulation of the `studentId` argument in the processing of the file `/admin/modules/student/index.php`. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, restrict access to the file `/admin/modules/student/index.php` to minimize the risk of exploitation. Avoid using the `studentId` argument in the affected file until the issue is resolved.

**Nome do Software Vulnerável e Versões Afetadas** itsourcecode Sports Management System versão 1.0 **Descrição** Existe uma vulnerabilidade no itsourcecode Sports Management System 1.0. O problema envolve injeção de SQL devido à manipulação do argumento `code` dentro de uma função desconhecida do arquivo `/Admin/gametype.php`. Este ataque pode ser executado remotamente. O exploit foi disponibilizado publicamente. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Sports Management System version 1.0 **Description** A vulnerability exists in itsourcecode Sports Management System 1.0. The manipulation of the `code` argument in the file `/Admin/mode.php` can lead to SQL injection. The attack can be carried out remotely. **Recommendations** As a temporary workaround, consider restricting access to the file `/Admin/mode.php` until a fix is available. Sanitize the `code` argument before using it in any database queries.