Itsourcecode · University Event Management System · CVE-2026-3944
**Name of the Vulnerable Software and Affected Versions**
itsourcecode University Management System version 1.0
**Description**
A flaw exists in itsourcecode University Management System 1.0 where manipulation of the `Name` argument in the `/att add.php` file can lead to SQL injection. This issue can be exploited remotely. The exploit for this issue has been publicly disclosed.
**Recommendations**
Versions prior to 1.0 should be updated. As a temporary workaround, consider restricting access to the `/att add.php` file to minimize the risk of exploitation. Avoid using the `Name` parameter in the `/att add.php` API endpoint until the issue is resolved.