Shixu Wang

**Name of the Vulnerable Software and Affected Versions** itsourcecode Society Management System version 1.0 **Description** A flaw exists in itsourcecode Society Management System 1.0. A manipulation of the `detail` argument in the file '/admin/edit expenses query.php' can lead to SQL injection. This attack can be launched remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Society Management System version 1.0 **Description** A security issue exists in itsourcecode Society Management System version 1.0. The manipulation of the `detail` argument in the file '/admin/add expenses.php' can lead to SQL injection. Remote exploitation is possible. The exploit has been publicly disclosed. The vulnerable file is '/admin/add expenses.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Itsourcecode Society Management System version 1.0 **Description** A flaw exists in itsourcecode Society Management System 1.0 that allows for remote SQL injection. The issue is located in the `/admin/edit student query.php` file, specifically through manipulation of the `student id` parameter. The exploit for this issue is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.