Itsourcecode · Sourcecodester Inventory Management System · CVE-2025-13237
**Name of the Vulnerable Software and Affected Versions**
itsourcecode Inventory Management System version 1.0
**Description**
itsourcecode Inventory Management System 1.0 contains a SQL injection vulnerability. It is triggered by manipulating the `U_USERNAME` argument, which is handled by an unknown function in the file `/LogSignModal.PHP`. The attack can be launched remotely, and an exploit has been publicly released.
**Recommendations**
Apply any available updates to address the SQL injection issue in the `/LogSignModal.PHP` file.
As a temporary workaround, restrict or sanitize the `U_USERNAME` argument to prevent SQL injection attacks.
Consider disabling or restricting access to the affected file `/LogSignModal.PHP` until a patch is available.
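
One way to apply the sanitizing workaround above, as an added example that is not the project's code: the submitted username is checked against an allow-list pattern and then bound as a query parameter instead of being placed in the SQL text. The helper names, the `users` table and its columns, the username policy, and the in-memory SQLite database with its sample row are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the project): validate the username,
// then look the account up with a bound parameter.
function find_user(PDO $db, string $username): ?array
{
    // Allow-list check, assumed policy: 3-32 letters, digits, dot, underscore or hyphen.
    if (preg_match('/\A[A-Za-z0-9._-]{3,32}\z/', $username) !== 1) {
        return null; // rejected before any query is issued
    }

    // The value travels as data through the placeholder; it never becomes SQL text.
    $stmt = $db->prepare(
        'SELECT id, username, pass_hash FROM users WHERE username = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row;
}

// Hypothetical login check built on the lookup above.
function login(PDO $db, string $username, string $password): bool
{
    $user = find_user($db, $username);

    // Compare against a stored password hash, never a plaintext column.
    return $user !== null && password_verify($password, $user['pass_hash']);
}

// Constructed sample data in an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
$ins->execute(['clerk01', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Valid credentials, a wrong password, and a username containing a quote character.
var_dump(login($db, 'clerk01', 'constructed-sample-pw'));
var_dump(login($db, 'clerk01', 'wrong-password'));
var_dump(login($db, "bad'name", 'anything'));
```

When the same code runs against MySQL through PDO, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server perform the parameter binding.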