Hywell

**Name of the Vulnerable Software and Affected Versions** itsourcecode School Management System version 1.0 **Description** A flaw exists in itsourcecode School Management System 1.0 that allows for SQL injection. The issue is located in the file `/ramonsys/inquiry/index.php` and involves manipulation of the `txtsearch` argument. This manipulation affects an unknown function and can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** Apply a fix to address the SQL injection issue in the `/ramonsys/inquiry/index.php` file. Sanitize the `txtsearch` argument to prevent SQL injection attacks. As a temporary workaround, restrict access to the `/ramonsys/inquiry/index.php` file.