
Rainsmoon

#13649 of 53,630
19.6 Total CVSS
Vulnerabilities · 2
Critical · 2
PT-2025-51156 · CVSS 9.8 · 2025-12-14
Itsourcecode · Online Cake Ordering System · CVE-2025-14652

**Name of the Vulnerable Software and Affected Versions**
itsourcecode Online Cake Ordering System version 1.0

**Description**
A flaw exists in itsourcecode Online Cake Ordering System version 1.0 that allows for SQL injection. The issue stems from improper handling of the `ID` argument within the `/admindetail.php?action=edit` API endpoint. Manipulation of this argument can lead to unauthorized database access. The exploit for this issue has been publicly disclosed.

**Recommendations**
Apply a fix to properly sanitize the `ID` argument in the `/admindetail.php?action=edit` endpoint.

PT-2025-51157 · CVSS 9.8 · 2025-12-14
Itsourcecode · Sourcecodester Student Management System · CVE-2025-14653

**Name of the Vulnerable Software and Affected Versions**
itsourcecode Student Management System version 1.0

**Description**
A SQL injection issue exists due to manipulation of the `ID` argument in an unknown function of the file `/addrecord.php`. This allows for remote exploitation. The exploit has been publicly disclosed.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.