Jon0

**Name of the Vulnerable Software and Affected Versions** itsourcecode University Management System version 1.0 **Description** A flaw exists in itsourcecode University Management System 1.0 that allows for SQL injection. The issue is located in the `/admin search student.php` file, specifically through manipulation of the `admin search student` argument. This allows for remote exploitation. The exploit code has been publicly released. The vulnerable function is unknown. **Recommendations** Apply any available updates or patches for itsourcecode University Management System version 1.0. As a temporary workaround, restrict access to the `/admin search student.php` file. Sanitize the `admin search student` argument to prevent SQL injection attacks.