Gola

**Name of the Vulnerable Software and Affected Versions** python-utcp version 1.1.0 **Description** A server-side request forgery (SSRF) exists in the `utcp-gql/utcp-websocket` component of the universal-tool-calling-protocol. This issue allows a remote attacker to initiate a manipulation that results in the server making unauthorized requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Fees Management System version 1.0 **Description** A SQL injection issue exists in the '/manage payment.php' file. The flaw allows remote attackers to manipulate the `ID` argument to execute arbitrary SQL commands. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to view, modify, or delete data from the database. **Recommendations** Update itsourcecode Fees Management System version 1.0 to a patched version. As a temporary workaround, restrict access to the '/manage payment.php' file or avoid using the `ID` argument until a fix is applied.