Zfly

**Name of the Vulnerable Software and Affected Versions** SourceCodester Lost and Found Information System version 1.0 **Description** A critical vulnerability has been found in the SourceCodester Lost and Found Information System. This issue affects the component HTTP POST Request Handler, specifically the file /classes/Master.php?f=save item. The manipulation of the `id` argument leads to SQL injection, allowing for remote attacks. **Recommendations** For version 1.0, consider disabling the `save item` function in the Master.php file until a patch is available to prevent SQL injection attacks. Restrict access to the HTTP POST Request Handler to minimize the risk of exploitation. Avoid using the `id` argument in the affected API endpoint until the issue is resolved.