Bupt_424201

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Management System version 1.0 **Description** A security issue exists in itsourcecode Student Management System 1.0. The issue involves the manipulation of the `ID` argument, leading to a SQL injection. The affected element is a function within the /form137.php file. The attack can be initiated remotely, and the exploit has been publicly disclosed. There is evidence of increased malicious activity targeting this system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Management System version 1.0 **Description** A flaw exists in itsourcecode Student Management System 1.0 that allows for remote SQL injection. The issue is located in the file `/list report.php` and involves manipulation of the `sy` argument within an unknown function. The exploit for this issue is publicly available. **Recommendations** Apply a fix to the `/list report.php` file to prevent manipulation of the `sy` argument.