Zzh01007

**Name of the Vulnerable Software and Affected Versions** itsourcecode Payroll Management System version 1.0 **Description** A security issue exists in itsourcecode Payroll Management System 1.0 related to the processing of the file `/manage employee.php`. Manipulation of the `ID` argument can lead to SQL injection. This attack can be executed remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode College Management System version 1.0 **Description** A flaw exists in the processing of files within the application. Specifically, the `/admin/courses.php` file is susceptible to SQL injection due to improper handling of the `course code` parameter. This allows for remote exploitation. The details of the exploit have been publicly disclosed. **Recommendations** Apply a fix to address the improper handling of the `course code` parameter in the `/admin/courses.php` file.