Fukun

Name of the Vulnerable Software and Affected Versions SourceCodester Online Food Ordering System versão 1.0 Description Uma vulnerabilidade foi identificada na função `save product` do arquivo `/Actions.php` dentro do componente POST Parameter Handler. A manipulação do argumento `price` pode levar a erros de lógica de negócios. O ataque pode ser realizado remotamente, e um exploit está publicamente disponível. Recommendations Atualize para uma versão mais recente que contenha uma correção para esta vulnerabilidade. Como medida temporária, considere restringir o acesso ao arquivo `/Actions.php` ou desabilitar a função `save product` até que um patch esteja disponível.

Name of the Vulnerable Software and Affected Versions SourceCodester Pharmacy Product Management System versão 1.0 Description Uma falha de segurança foi descoberta no SourceCodester Pharmacy Product Management System 1.0. A falha está localizada em uma parte desconhecida do arquivo `add-sales.php` dentro do componente POST Parameter Handler. A manipulação do argumento `txtqty` pode levar a erros de lógica de negócios. O ataque pode ser iniciado remotamente e o exploit foi divulgado publicamente. Recommendations No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A flaw exists in SourceCodester Sales and Inventory System 1.0 related to the handling of HTTP GET parameters. Specifically, the manipulation of the `sid` argument within the `/update sales.php` file can lead to SQL injection. This issue is exploitable remotely, and details about the exploit have been publicly disclosed. **Recommendations** Apply updates to address the SQL injection issue in the `/update sales.php` file. Restrict access to the `/update sales.php` file to minimize the risk of exploitation. Sanitize the `sid` parameter before using it in SQL queries. As a temporary workaround, consider disabling the affected parameter `sid` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A security issue exists in SourceCodester Sales and Inventory System. The `update customer details.php` file’s HTTP GET Parameter Handler is susceptible to SQL injection through manipulation of the `sid` argument. This allows for remote execution of attacks. The exploit has been publicly disclosed. **Recommendations** Apply updates to address the SQL injection issue in the `update customer details.php` file.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A security flaw exists in SourceCodester Sales and Inventory System version 1.0. The issue is related to SQL injection within the `view supplier.php` file, specifically through manipulation of the `searchtxt` parameter in a POST request. This allows for remote attacks. The exploit has been publicly released. The vulnerable component is the POST Parameter Handler. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A flaw exists in SourceCodester Sales and Inventory System 1.0 related to the handling of HTTP GET parameters. Specifically, the `update category.php` file is susceptible to SQL injection through manipulation of the `sid` argument. This could allow for remote exploitation. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A flaw exists in SourceCodester Sales and Inventory System that allows for SQL injection. The issue is located within the `update purchase.php` file, specifically through manipulation of the `sid` argument via an HTTP GET request. This allows for remote execution of the attack. The exploit has been published. **Recommendations** Apply updates to address the SQL injection issue in the `update purchase.php` file. As a temporary workaround, restrict access to the `update purchase.php` file. Avoid using the `sid` parameter in the affected HTTP GET request until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A SQL injection issue exists in SourceCodester Sales and Inventory System version 1.0. This issue is located in the `update out standing.php` file, specifically within the HTTP GET Parameter Handler. Manipulation of the `sid` argument can lead to SQL injection. The attack can be carried out remotely, and the exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A SQL injection issue exists in SourceCodester Sales and Inventory System 1.0. The issue is related to the manipulation of the `searchtxt` argument within an HTTP POST request to the `/view category.php` file. This affects an unknown function. Successful exploitation could allow remote attackers to compromise the system. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A SQL injection issue exists in SourceCodester Sales and Inventory System version 1.0. The issue is located in the HTTP GET Request Handler component, specifically within the `/update supplier.php` file. Manipulation of the `sid` argument can lead to SQL injection. The attack can be launched remotely. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A flaw exists in SourceCodester Sales and Inventory System 1.0 related to the handling of HTTP POST requests. Specifically, manipulation of the `searchtxt` argument within a POST request to the `/view customers.php` file can lead to SQL injection. The vulnerable component is an unknown function within this file. The exploit is publicly available. **Recommendations** Apply any available updates to address the SQL injection issue in the HTTP POST Request Handler. As a temporary workaround, consider restricting or carefully validating the `searchtxt` parameter in POST requests to the `/view customers.php` file.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A security flaw exists in SourceCodester Sales and Inventory System 1.0. The issue is related to SQL injection within the HTTP POST Request Handler functionality, specifically in the `/view payments.php` file. Manipulation of the `searchtxt` argument can lead to a successful exploit. The exploit has been publicly released and may be used for attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A weakness exists in SourceCodester Sales and Inventory System 1.0 related to the HTTP POST Request Handler functionality within the `/view product.php` file. Manipulation of the `searchtxt` argument can lead to SQL injection. The attack can be performed remotely, and an exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A flaw exists in SourceCodester Sales and Inventory System 1.0 related to the handling of a GET parameter. Specifically, manipulation of the `sellid` argument within the `sales invoice1.php` file can lead to SQL injection. This issue is remotely exploitable and has been publicly disclosed. The vulnerable component is the GET Parameter Handler. **Recommendations** Apply a fix for the SQL injection issue in the `sales invoice1.php` file related to the `sellid` parameter.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A SQL injection issue exists in the Search component of SourceCodester Sales and Inventory System version 1.0. The issue is located in the `dashboard.php` file. Manipulating the `searchtxt` argument can lead to SQL injection, allowing for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A flaw exists in SourceCodester Sales and Inventory System 1.0 that allows for SQL injection. This issue is located within the `check supplier details.php` file and involves the manipulation of the `stock name1` parameter through a POST request. The attack can be carried out remotely. The exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A flaw exists in the GET Parameter Handler component of SourceCodester Sales and Inventory System 1.0, specifically within the `purchase invoice.php` file. The `purchaseid` argument is susceptible to SQL injection, potentially allowing for remote exploitation. The details of the exploit have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Employee Task Management System version 1.0 **Description** A SQL injection issue exists in the GET Parameter Handler component of the software, specifically within the file '/daily-attendance-report.php'. The `Date` parameter is susceptible to manipulation, leading to a SQL injection. The exploit is publicly available and can be used remotely. **Recommendations** Apply a fix for SourceCodester Employee Task Management System version 1.0.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A SQL injection issue exists in SourceCodester Sales and Inventory System. The issue is due to manipulation of the `sid` argument within the /add sales print.php file. This allows for remote attacks. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Sales and Inventory System version 1.0 **Description** A SQL injection issue exists in SourceCodester Sales and Inventory System 1.0. The issue is located in an unknown function within the `/add stock.php` file. Manipulating the `cost` argument can lead to SQL injection. The attack can be initiated remotely, and the exploit has been made public. **Recommendations** Apply a fix to address the SQL injection issue in the `/add stock.php` file.