Meipei

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Management System version 1.0 **Description** A flaw exists in itsourcecode Student Management System 1.0 within an unknown functionality of the file `/candidates report.php`. Manipulation of the `school year` argument can lead to SQL injection. This attack can be initiated remotely, and an exploit is publicly available. **Recommendations** Apply input validation and sanitization to the `school year` argument in the `/candidates report.php` file.