Sourcecodester · Sourcecodester Alumni Management System · CVE-2025-13059
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Alumni Management System version 1.0
**Description**
A flaw exists in SourceCodester Alumni Management System 1.0. The issue is related to the manipulation of the `ID` argument within an unknown function of the `/manage career.php` file, leading to a SQL injection condition. Remote exploitation is possible. The exploit has been publicly released.
**Recommendations**
Apply any available updates or patches for SourceCodester Alumni Management System version 1.0.
As a temporary workaround, restrict access to the `/manage career.php` file.
Sanitize the `ID` parameter before using it in any database queries.
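One way to carry out the last recommendation, as an added PHP example that is not SourceCodester's code and not code from this advisory: the `ID` value is checked against a strict integer pattern and then bound as a query parameter instead of being concatenated into the SQL text. The `careers` table, its columns, the helper names and the in-memory SQLite database (which needs the `pdo_sqlite` extension) are assumptions made for illustration; the application's real schema is not described here.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database: an in-memory SQLite
// table named `careers` (hypothetical; the real schema is not on the page).
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE careers (id INTEGER PRIMARY KEY, job_title TEXT)');
    $pdo->exec("INSERT INTO careers (id, job_title) VALUES (1, 'Analyst'), (2, 'Engineer')");
    return $pdo;
}

// Accept only a string of 1 to 9 decimal digits with no leading zero.
// Arrays (ID[]=2), empty strings, signs, whitespace and trailing text fail.
function parse_id($raw): ?int
{
    if (!is_string($raw) || preg_match('/^[1-9][0-9]{0,8}$/D', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Look up one record by ID (hypothetical helper). Returns null when the
// ID is malformed or no row matches.
function fetch_career(PDO $pdo, $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null; // a real handler would answer with HTTP 400 here
    }
    // The validated value is bound as an integer, never spliced into the SQL.
    $stmt = $pdo->prepare('SELECT id, job_title FROM careers WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = demo_db();
// Constructed inputs: one well-formed ID followed by malformed values.
foreach (['2', '2abc', "2'", '-1', '', ['2']] as $input) {
    $row = fetch_career($pdo, $input);
    echo json_encode($input), ' => ', $row ? $row['job_title'] : 'rejected or not found', PHP_EOL;
}
```

Validation and parameter binding are independent layers: the bound parameter alone prevents the input from changing the query's structure, while the strict pattern lets the handler reject malformed requests early and log them.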