Viaiam

**Name of the Vulnerable Software and Affected Versions** itsourcecode Insurance Management System version 1.0 **Description** A critical issue exists in itsourcecode Insurance Management System 1.0 related to the processing of the `/updateAgent.php` file. Manipulation of the `agent id` argument can lead to a SQL injection. The attack can be initiated remotely, and the exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Insurance Management System version 1.0 **Description** A critical issue exists in itsourcecode Insurance Management System version 1.0. The vulnerability is located in an unknown part of the file `/insertNominee.php`. Manipulation of the `nominee id` argument can lead to SQL injection, allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** itsourcecode Insurance Management System version 1.0: Address the SQL injection issue by sanitizing the `nominee id` argument in the `/insertNominee.php` file.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Insurance Management System version 1.0 **Description** A critical issue exists in itsourcecode Insurance Management System 1.0. The vulnerability is due to SQL injection within the `/insertPayment.php` file, specifically through manipulation of the `recipt no` argument. This allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.