
Cloverhyl

#13717 of 53,630
19.6 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2025-43916
9.8
2025-10-27
Sourcecodester · Sourcecodester Online Student Result System · CVE-2025-12257
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Online Student Result System version 1.0

**Description**
A security issue exists in SourceCodester Online Student Result System 1.0. The system is susceptible to SQL injection due to improper handling of the `ID` parameter within the `/view result.php` file. This allows for remote manipulation of the database. The details of the exploit have been publicly disclosed.

**Recommendations**
Apply appropriate input validation and sanitization techniques to the `ID` parameter in the `/view result.php` file.
PT-2025-41688
9.8
2025-10-11
Sourcecodester · Sourcecodester Online Student Result System · CVE-2025-11601
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Online Student Result System version 1.0

**Description**
A SQL injection issue exists in the SourceCodester Online Student Result System 1.0. The flaw is located in the `/login.php` script, where manipulating the `Username` parameter can allow an attacker to execute arbitrary SQL commands on the database server remotely. The exploit is publicly available.

**Recommendations**
Apply a fix to sanitize the `Username` parameter in the `/login.php` script to prevent SQL injection. As a temporary workaround, restrict access to the `/login.php` script.