Cuit_Jiang

**Name of the Vulnerable Software and Affected Versions** Codezips ISP Management System version 1.0 **Description** A critical issue was found in the Codezips ISP Management System, affecting some unknown functionality of the file pay.php. The manipulation of the `customer` argument leads to SQL injection. The attack can be launched remotely. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Codezips ISP Management System version 1.0, as a temporary workaround, consider restricting access to the pay.php file until a patch is available. Avoid using the `customer` argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.