Mrcc

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Class Record System version 1.0 **Description** A flaw exists in SourceCodester Online Class Record System 1.0. The issue is related to the manipulation of the `user email` argument within the file '/admin/login.php', leading to a SQL injection condition. This manipulation can be initiated remotely. The exploit has been published. **Recommendations** Apply any available updates or patches for SourceCodester Online Class Record System version 1.0. As a temporary workaround, restrict access to the /admin/login.php file. Sanitize the `user email` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Class Record System version 1.0 **Description** A flaw exists in SourceCodester Online Class Record System 1.0 that allows for SQL injection. The issue is located in the file `/admin/subject/controller.php`. Manipulating the `ID` argument can lead to successful exploitation. The exploit has been publicly released. **Recommendations** Apply a fix to the vulnerable file `/admin/subject/controller.php` to prevent manipulation of the `ID` argument.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Class Record System version 1.0 **Description** A flaw exists in the processing of the `/admin/message/search.php` file within the software. Manipulating the `term` argument can result in SQL injection. This issue can be exploited remotely. The details of the exploit have been publicly disclosed. **Recommendations** Apply any available updates or patches for version 1.0. As a temporary workaround, restrict access to the `/admin/message/search.php` file. Sanitize the `term` input to prevent SQL injection attacks.