Dimengshi

**Name of the Vulnerable Software and Affected Versions** itsourcecode Tailoring Management System version 1.0 **Description** A critical vulnerability was found in the itsourcecode Tailoring Management System, affecting the file /incadd.php. The manipulation of the arguments `inccat`, `desc`, `date`, and `amount` leads to SQL injection. The attack can be initiated remotely. **Recommendations** As a temporary workaround, consider restricting access to the vulnerable file /incadd.php until a patch is available. Avoid using the parameters `inccat`, `desc`, `date`, and `amount` in the affected API endpoint until the issue is resolved. Update to the latest release to mitigate risks. Review input validation on all parameters to prevent similar issues.