Gracepure

**Name of the Vulnerable Software and Affected Versions** itsourcecode Content Management System version 1.0 **Description** An issue exists in the `/save comment.php` endpoint where the manipulation of the `Name` argument allows for SQL injection, which is a technique used to execute malicious SQL statements that control a database server. This flaw enables remote exploitation. **Recommendations** As a temporary workaround, avoid using the `Name` parameter in the `/save comment.php` endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.