Oblong

**Name of the Vulnerable Software and Affected Versions** itsourcecode Society Management System version 1.0 **Description** A flaw exists in itsourcecode Society Management System that allows for SQL injection. This issue is located in the `/admin/edit admin.php` file, where manipulation of the `admin id` argument can lead to exploitation. The attack can be performed remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Society Management System version 1.0 **Description** A flaw exists in the processing of the `/admin/delete expenses.php` file within itsourcecode Society Management System. Manipulation of the `expenses id` argument can lead to SQL injection. This issue is remotely exploitable and an exploit has been published. **Recommendations** Apply updates to address the SQL injection issue in the processing of the `/admin/delete expenses.php` file.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Society Management System version 1.0 **Description** A flaw exists in itsourcecode Society Management System 1.0 that allows for remote SQL injection. The issue is located in the `/admin/edit expenses.php` file, specifically through manipulation of the `expenses id` argument within an unknown function. The exploit has been publicly disclosed. **Recommendations** Apply any available updates to address the SQL injection issue in the `/admin/edit expenses.php` file. As a temporary workaround, restrict access to the `/admin/edit expenses.php` file. Sanitize the `expenses id` input to prevent SQL injection attacks.