I-Ovo-I

**Name of the Vulnerable Software and Affected Versions** itsourcecode Electronic Judging System version 1.0 **Description** A SQL injection issue exists in the '/admin/edit judge.php' endpoint. Remote attackers can exploit this by manipulating the `judge id` argument. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to or modification of the database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. Avoid using the `judge id` parameter in the '/admin/edit judge.php' endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Electronic Judging System version 1.0 **Description** A SQL injection issue exists in the `/admin/edit team.php` endpoint. Remote attackers can exploit this by manipulating the `num id` argument. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to or modification of the database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Electronic Judging System version 1.0 **Description** An issue exists in the processing of the '/admin/judges.php' endpoint. Manipulation of the `fname` argument allows for cross-site scripting, which can be exploited remotely. **Recommendations** Update itsourcecode Electronic Judging System version 1.0 to a newer version that contains a fix. As a temporary workaround, restrict access to the '/admin/judges.php' endpoint or avoid using the `fname` parameter until the issue is resolved.