Pjy2004

**Name of the Vulnerable Software and Affected Versions** itsourcecode Apartment Management System version 1.0 **Description** A vulnerability exists in the processing of the file `/report/bill info.php`. Manipulation of the `vid` argument results in SQL injection. Remote exploitation is possible. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/report/bill info.php` file until a fix is available. Sanitize the `vid` argument to prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Apartment Management System version 1.0 **Description** A SQL injection flaw exists due to manipulation of the `usid` argument in the `/report/unit status info.php` file. The attack can be executed remotely. The exploit has been published. **Recommendations** As a temporary workaround, restrict access to the `/report/unit status info.php` file until a fix is available. Sanitize the `usid` argument to prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Apartment Management System version 1.0 **Description** A SQL injection issue exists in itsourcecode Apartment Management System version 1.0. The issue is located in the `/report/complain info.php` file, within an unknown function. Manipulation of the `vid` argument can lead to SQL injection. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.