Chengyao He

**Name of the Vulnerable Software and Affected Versions** Hostel Management System version 1.0 **Description** A SQL injection flaw exists in the file '/justines/admin/mod roomtype/index.php?view=view'. This issue allows a remote attacker to perform unauthorized database queries by manipulating the `ID` argument. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to view, modify, or delete sensitive data. **Recommendations** As a temporary workaround, restrict access to the '/justines/admin/mod roomtype/index.php?view=view' file or avoid using the `ID` argument until a fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.