Jarway

**Name of the Vulnerable Software and Affected Versions** itsourcecode Society Management System version 1.0 **Description** A flaw exists in itsourcecode Society Management System version 1.0 that allows for remote SQL injection. The issue is located in the `/admin/edit activity.php` file, specifically through manipulation of the `activity id` argument within an unknown function. The exploit has been publicly disclosed. **Recommendations** Apply a fix to address the SQL injection issue in the `/admin/edit activity.php` file.

**Name of the Vulnerable Software and Affected Versions** 1000projects Beauty Parlour Management System version 1.0 **Description** A SQL injection issue exists in 1000projects Beauty Parlour Management System version 1.0. The vulnerability is located in the `/admin/bwdates-reports-details.php` file. Manipulation of the `fromdate`/`todate` argument can lead to SQL injection. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/bwdates-reports-details.php` file until a fix is available. Sanitize the `fromdate` and `todate` parameters before using them in SQL queries.