Ffe1

**Name of the Vulnerable Software and Affected Versions** itsourcecode COVID Tracking System version 1.0 **Description** A SQL injection issue exists in the Admin Login component of the software. The issue is located in the `/admin/login.php` file, specifically within an unknown function. Exploitation occurs through manipulation of the `Username` parameter, allowing for remote attacks. The exploit details have been publicly disclosed. **Recommendations** Apply a fix to the vulnerable function in the `/admin/login.php` file to prevent SQL injection attacks targeting the `Username` parameter.