Xie Hao

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Managemen System version 1.0 **Description** A flaw exists in itsourcecode Student Managemen System 1.0 related to the manipulation of the `sy` argument within the `/advisers.php` file, leading to a SQL injection condition. This allows for remote exploitation. The exploit has been publicly disclosed. The vulnerable functionality resides within the `/advisers.php` file. The `sy` parameter is susceptible to injection attacks. **Recommendations** Versions prior to 1.0 should be used. As a temporary workaround, restrict access to the `/advisers.php` file. Avoid using the `sy` parameter in the `/advisers.php` endpoint until the issue is resolved.