Ahmadmarzook

A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

**Name of the Vulnerable Software and Affected Versions** Simple ChatBox versão 1.0 **Description** Uma falha na função `SimpleChatbox PHP()` dentro do arquivo `chatbox.sql` do componente Endpoint permite a manipulação remota. Isso pode levar à exposição de informações confidenciais de arquivos e diretórios. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** code-projects Simple ChatBox versões anteriores a 1.1 **Description** Um problema de cross site scripting existe no componente Endpoint dentro do arquivo '/chatbox/insert.php'. Um invasor remoto pode explorar isso manipulando o argumento `msg`. **Recommendations** Atualize para uma versão posterior a 1.0. Como medida paliativa temporária, restrinja o acesso ao arquivo '/chatbox/insert.php' ou sanitize o argumento `msg` para minimizar o risco de exploração.

Name of the Vulnerable Software and Affected Versions sistema de gerenciamento de registros de pacientes code-projects versão 1.0 Description Uma fraqueza foi identificada no sistema de gerenciamento de registros de pacientes code-projects versão 1.0, especificamente dentro de uma parte desconhecida do arquivo `/db/hcpms.sql` do componente SQL Database Backup File Handler. Uma manipulação pode levar à divulgação de informações, e o ataque pode ser lançado remotamente. O exploit foi disponibilizado publicamente. Recommendations No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

Name of the Vulnerable Software and Affected Versions code-projects Movie Ticketing System versão 1.0 Description Uma vulnerabilidade foi encontrada no Movie Ticketing System que permite a divulgação de informações. A questão está relacionada ao SQL Database Backup File Handler e envolve a manipulação do arquivo `/db/moviedb.sql`. O ataque pode ser lançado remotamente e a exploração foi divulgada publicamente. Recommendations Atualmente, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

**Name of the Vulnerable Software and Affected Versions** code-projects Social Networking Site version 1.0 **Description** A security flaw exists in code-projects Social Networking Site 1.0. The issue affects an unknown function within the `delete photos.php` file of the Endpoint component. Manipulation of the `ID` parameter can lead to SQL injection. The attack can be carried out remotely. The exploit has been publicly released. **Recommendations** Apply a fix to address the SQL injection issue in the `delete photos.php` file. Restrict or disable access to the vulnerable function within the Endpoint component. Sanitize the `ID` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** code-projects Social Networking Site version 1.0 **Description** A cross site scripting issue exists due to the manipulation of the `content` argument within an unknown function of the file '/home.php' of the Alert Handler component. Remote exploitation is possible and the exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Reviewer System version 1.0 **Description** A security issue exists in code-projects Online Reviewer System version 1.0. Manipulation of the `Description` argument in an unknown function within the file `/system/system/students/assessments/databank/btn functions.php` can lead to cross site scripting. This attack can be performed remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Food Ordering System version 1.0 **Description** A weakness exists in code-projects Online Food Ordering System 1.0. The issue affects an unknown part of the file `/dbfood/localhost.sql`, potentially leading to unauthorized access to files or directories. The attack can be initiated remotely, and an exploit has been publicly released. Modifying the configuration settings is advised. **Recommendations** Modify the configuration settings.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Food Ordering System version 1.0 **Description** A security issue exists in code-projects Online Food Ordering System 1.0, specifically within an unknown functionality of the `/dbfood/food.php` file. Manipulation of the `cuisines` parameter leads to cross site scripting. This attack can be launched remotely. The exploit has been publicly released and may be used for attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Food Ordering System version 1.0 **Description** A flaw exists in code-projects Online Food Ordering System 1.0, specifically within an unknown functionality of the `/dbfood/contact.php` file. Manipulating the `Name` parameter can lead to cross site scripting. This attack can be initiated remotely, and a public exploit is available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Accounting System version 1.0 **Description** A SQL injection issue exists in code-projects Accounting System version 1.0. The issue is located in the `/my account/delete.php` file, within an unknown function. Manipulating the `cos id` argument allows for remote exploitation. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/my account/delete.php` file until a fix is available. Avoid using the parameter `cos id` in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** code-projects Accounting System version 1.0 **Description** A security issue exists in code-projects Accounting System version 1.0, specifically within the Web Application Interface component. Manipulation of the `costumer name` argument in the `/my account/add costumer.php` file can lead to cross site scripting. This attack can be performed remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Gym Management System versions prior to 1.1 **Description** A SQL injection issue exists in code-projects Simple Gym Management System. The issue is located in an unknown part of the `/gym/func.php` file. Manipulation of the `Trainer id`/`fname` argument can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed. **Recommendations** Update to version 1.1 or later. As a temporary workaround, sanitize the `Trainer id` and `fname` parameters before using them in SQL queries.