Dd456

Name of the Vulnerable Software and Affected Versions: itsourcecode Tailoring Management System version 1.0 Description: A critical issue has been identified in the itsourcecode Tailoring Management System, affecting an unknown functionality of the file staffedit.php. The manipulation of the `id`, `stafftype`, `address`, `fullname`, `phonenumber`, and `salary` arguments leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. Recommendations: For itsourcecode Tailoring Management System version 1.0, consider disabling the `staffedit.php` file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `id`, `stafftype`, `address`, `fullname`, `phonenumber`, and `salary` arguments in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.