Guanwhite

**Name of the Vulnerable Software and Affected Versions** itsourcecode Inventory Management System version 1.0 **Description** A security issue exists in itsourcecode Inventory Management System version 1.0. Manipulation of the `PROMODEL` argument in the file `/admin/products/index.php?view=add` can lead to SQL injection. This attack can be performed remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Transcript Processing System version 1.0 **Description** A weakness exists in itsourcecode Student Transcript Processing System 1.0. The issue involves the potential for SQL injection through manipulation of the `uname` argument in the /login.php file. This can be exploited remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.