Yushu

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Management System version 1.0 **Description** A SQL injection issue exists in itsourcecode Student Management System 1.0. Manipulation of the `ID` argument in the `/statistical.php` file can lead to SQL injection. The attack can be executed remotely. The exploit is publicly available. The vulnerable file is `/statistical.php`. **Recommendations** Apply any available updates to address the issue in the `/statistical.php` file. As a temporary workaround, restrict access to the `/statistical.php` file. Sanitize the `ID` parameter before using it in SQL queries.