Mxh9934

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Attendance Tracking Management System version 1.0 **Description** A critical issue has been found in the attendance report function of the /admin/report.php file. The manipulation of the `course id` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the `attendance report` function until a patch is available. Restrict access to the `/admin/report.php` file to minimize the risk of exploitation. Avoid using the `course id` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Itsourcode Tailoring Management System version 1.0 **Description** A critical issue has been identified, allowing for SQL injection through the manipulation of the `id`, `inccat`, `desc`, `date`, and `amount` arguments in the file `/incedit.php`. This can be exploited remotely. The issue affects an unknown part of the file. **Recommendations** For Itsourcode Tailoring Management System version 1.0, consider validating input on the backend to prevent unauthorized access as a temporary mitigation measure. Avoid using the vulnerable arguments `id`, `inccat`, `desc`, `date`, and `amount` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.