Fangyuan

**Name of the Vulnerable Software and Affected Versions** itsourcecode Fees Management System version 1.0 **Description** A remote SQL injection exists in the '/receipt.php' endpoint. The issue occurs when the `ef id` argument is manipulated, allowing an attacker to execute arbitrary SQL commands. **Recommendations** Update itsourcecode Fees Management System version 1.0 to a patched version. As a temporary workaround, restrict access to the '/receipt.php' endpoint or sanitize the `ef id` parameter to prevent malicious input.