Dyh18

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Doctors Appointment System version 1.0 **Description** A SQL injection issue exists in SourceCodester Simple Doctors Appointment System version 1.0. The issue is located in the `/admin/login.php` file. Manipulating the `Username` argument can lead to SQL injection. The attack can be performed remotely. The exploit is publicly available. **Recommendations** Apply any available updates or patches for SourceCodester Simple Doctors Appointment System version 1.0. As a temporary workaround, sanitize the `Username` input to prevent SQL injection attacks. Restrict access to the `/admin/login.php` file to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Doctors Appointment System version 1.0 **Description** A flaw exists in SourceCodester Simple Doctors Appointment System version 1.0 that allows for SQL injection. The issue is located in the file `/admin/ajax.php` and specifically affects the `email` argument when the `action` is set to `login2`. This manipulation can be carried out remotely. An exploit for this issue has been published. **Recommendations** Apply any available updates or patches for SourceCodester Simple Doctors Appointment System version 1.0. As a temporary workaround, restrict access to the `/admin/ajax.php` file. Sanitize the `email` input parameter within the `/admin/ajax.php` file to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Doctors Appointment System version 1.0 **Description** A flaw exists in the processing of files, specifically `/doctors appointment/admin/ajax.php?action=save category`. Manipulation of the `img` argument allows for unrestricted file uploads. This issue can be exploited remotely. The details of the exploit have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Teacher Record System version 1.0 **Description** A flaw exists in SourceCodester Teacher Record System that allows for SQL injection. The issue is located within a parameter handler component, specifically when manipulating the `searchteacher` argument of an unknown function in the 'Teacher Record System' file. This allows for remote exploitation. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** itsourcecode University Management System versão 1.0 **Descrição** Existe uma falha de segurança no itsourcecode University Management System versão 1.0. A vulnerabilidade está relacionada à injeção de SQL em uma funcionalidade desconhecida do arquivo `/admin single student update.php`. A manipulação do parâmetro `ID` pode levar à exploração. O exploit foi divulgado publicamente e pode ser utilizado para ataques remotos. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** itsourcecode University Management System version 1.0 **Description** A cross site scripting issue exists in itsourcecode University Management System 1.0. The issue affects an unknown part of the file `/att single view.php`. Manipulation of the `dt` argument leads to the execution of cross site scripting. The attack can be executed remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.