Xiaoyang52914

**Name of the Vulnerable Software and Affected Versions** itsourcecode Inventory Management System version 1.0 **Description** A SQL injection issue exists in itsourcecode Inventory Management System version 1.0. The issue is related to the manipulation of the `user email` argument within an unknown function of the `/admin/login.php` file. This allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** Apply any available updates or patches for itsourcecode Inventory Management System version 1.0. As a temporary workaround, restrict access to the `/admin/login.php` file. Avoid using the `user email` parameter in the `/admin/login.php` endpoint until the issue is resolved.