Kangkang

**Name of the Vulnerable Software and Affected Versions** itsourcecode COVID Tracking System version 1.0 **Description** A SQL injection issue exists in itsourcecode COVID Tracking System version 1.0. The issue is located in an unknown function of the file '/admin/?page=city'. Manipulation of the `ID` argument can lead to SQL injection, allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode COVID Tracking System version 1.0 **Description** A SQL injection issue exists in an unknown functionality of the file '/admin/?page=state'. Manipulation of the `ID` argument can trigger the issue, allowing for remote attacks. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.