Z15049347097

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Information System version 1.0 **Description** A SQL injection issue exists in itsourcecode Student Information System 1.0 due to manipulation of the `level id` argument in the `/leveledit1.php` file. The issue is exploitable remotely. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/leveledit1.php` file until a fix is available. Sanitize the `level id` argument to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.