Divehu

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Management System version 1.0 **Description** A flaw exists in itsourcecode Student Management System 1.0, specifically within the file `/newrecord.php`. Manipulation of the `ID` argument can lead to SQL injection. The attack can be launched remotely. The exploit has been published. The vulnerable file is `/newrecord.php` and the vulnerable parameter is `ID`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.