Jiaoyanshuai

**Name of the Vulnerable Software and Affected Versions** itsourcecode Tailoring Management System version 1.0 **Description** A critical issue was found in the itsourcecode Tailoring Management System, affecting some unknown functionality of the file templateedit.php. The manipulation of the arguments `id`, `title`, or `msg` leads to SQL injection. The attack can be launched remotely. **Recommendations** For itsourcecode Tailoring Management System version 1.0, consider restricting access to the templateedit.php file and avoid using the arguments `id`, `title`, or `msg` until a patch is available. As a temporary workaround, consider disabling the functionality related to these arguments to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Tailoring Management System version 1.0 Description: The issue is related to a lack of protection against SQL query structure exploitation in the templateadd.php file. This allows a remote attacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause a denial of service by sending specially crafted requests with the `title` and `msg` parameters. The manipulation of the `title` and `msg` arguments leads to SQL injection. The attack can be initiated remotely. Recommendations: For Tailoring Management System version 1.0, consider disabling the templateadd.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `title` and `msg` parameters in the affected API endpoint until the issue is resolved. Restrict access to the templateadd.php file to minimize the risk of exploitation.