Xiaoliu

**Name of the Vulnerable Software and Affected Versions** itsourcecode Inventory Management System version 1.0 **Description** A SQL injection issue exists in itsourcecode Inventory Management System 1.0. Manipulation of the `ID` argument in the `/index.php?q=single-item` endpoint can lead to SQL injection. The attack can be performed remotely. The exploit has been publicly disclosed. **Recommendations** Apply a fix to address the SQL injection issue in the `/index.php?q=single-item` endpoint. Sanitize the `ID` parameter to prevent SQL injection attacks. As a temporary workaround, restrict access to the `/index.php?q=single-item` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Inventory Management System version 1.0 **Description** A flaw exists in itsourcecode Inventory Management System 1.0 that allows for remote SQL injection. The issue is located in the file `/admin/products/index.php?view=edit`, specifically through manipulation of the `ID` parameter. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: projectworlds Hospital Database Management System version 1.0 Description: A critical issue was found in the projectworlds Hospital Database Management System. This issue affects an unknown part of the file `/medicines info.php`. The manipulation of the `Med ID` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For projectworlds Hospital Database Management System version 1.0, consider disabling the `/medicines info.php` file or restricting access to it until a patch is available. Avoid using the `Med ID` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.