Yewknight

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Management System version 1.0 **Description** A flaw exists in itsourcecode Student Management System 1.0. The issue involves the manipulation of the `ID` argument within an unknown function of the `/update account.php` file, leading to a SQL injection condition. This allows for remote exploitation. The exploit is publicly available. **Recommendations** Apply updates to address the issue in the `/update account.php` file. Restrict access to the `/update account.php` file. Avoid using the `ID` parameter in the `/update account.php` endpoint until the issue is resolved.