Huutuanbg97

**Nome do software vulnerável e versões afetadas** Sistema de Gerenciamento de Tarefas de Funcionários SourceCodester, versão 1.0 **Descrição** Foi identificada uma falha crítica no arquivo attendance-info.php, na qual a manipulação do argumento `user id` leva a uma injeção de SQL. Isso pode ser iniciado remotamente. A falha foi divulgada publicamente e pode ser explorada. **Recomendações** Para o Sistema de Gerenciamento de Tarefas de Funcionários SourceCodester versão 1.0, considere restringir o acesso ao arquivo attendance-info.php até que uma correção esteja disponível. Como solução temporária, evite usar o argumento `user id` no arquivo afetado para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta falha.

**Name of the Vulnerable Software and Affected Versions** phpkobo Ajax Poll Script version 3.18 **Description** A problematic vulnerability was found in the phpkobo Ajax Poll Script, affecting an unknown functionality of the file ajax-poll.php of the component Poll Handler. This vulnerability leads to improper enforcement of a single, unique action and can be launched remotely. **Recommendations** For phpkobo Ajax Poll Script version 3.18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webkul krayin crm version 1.2.4 **Description** A problematic issue was found in the Edit Person Page component, specifically affecting the /admin/contacts/organizations/edit/2 file. The manipulation of the `Organization` argument leads to cross-site scripting. This issue can be initiated remotely. The exploit has been disclosed publicly. **Recommendations** For version 1.2.4, consider disabling the `Edit Person Page` component or restricting access to the `/admin/contacts/organizations/edit/2` endpoint until a fix is available. Avoid using the `Organization` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam System version 1.0 **Description** A critical vulnerability was found in the SourceCodester Online Exam System, affecting unknown code of the file /kelasdosen/data. The manipulation of the argument `columns[1][data]` leads to SQL injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Online Exam System version 1.0, consider restricting access to the `/kelasdosen/data` file and avoid using the `columns[1][data]` argument in the affected API endpoint until a patch is available. As a temporary workaround, consider implementing input validation and sanitization to minimize the risk of SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam System version 1.0 **Description** A critical issue has been found in the processing of the file /jurusanmatkul/data, where the manipulation of the argument `columns[1][data]` leads to SQL injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Online Exam System version 1.0, consider restricting access to the /jurusanmatkul/data file and avoid using the `columns[1][data]` argument in the affected processing until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam System version 1.0 **Description** A critical issue affects the processing of the file /matkul/data of the component POST Parameter Handler. The manipulation of the argument `columns[1][data]` leads to sql injection. The attack may be initiated remotely. **Recommendations** For SourceCodester Online Exam System version 1.0, consider restricting access to the POST Parameter Handler component to minimize the risk of exploitation. As a temporary workaround, avoid using the `columns[1][data]` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam System version 1.0 **Description** A critical issue was found in the SourceCodester Online Exam System, affecting some unknown functionality of the file /mahasiswa/data of the component POST Parameter Handler. The manipulation of the argument `columns[1][data]` leads to sql injection. The attack may be launched remotely. **Recommendations** For SourceCodester Online Exam System version 1.0, consider restricting access to the vulnerable POST Parameter Handler component to minimize the risk of exploitation. As a temporary workaround, avoid using the `columns[1][data]` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam System version 1.0 **Description** A critical issue has been found in the SourceCodester Online Exam System, affecting the component POST Parameter Handler, specifically the file /dosen/data. The manipulation of the `columns[1][data]` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Online Exam System version 1.0, as a temporary workaround, consider restricting access to the POST Parameter Handler component, specifically the /dosen/data file, until a patch is available. Avoid using the `columns[1][data]` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam System version 1.0 **Description** A critical issue has been found in the SourceCodester Online Exam System, affecting the POST Parameter Handler component in the /kelas/data file. The manipulation of the `columns[1][data]` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Online Exam System version 1.0, consider restricting access to the POST Parameter Handler component to minimize the risk of exploitation. As a temporary workaround, avoid using the `columns[1][data]` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam System version 1.0 **Description** A critical vulnerability has been found in the SourceCodester Online Exam System. The issue affects an unknown function of the file /jurusan/data of the component POST Parameter Handler. The manipulation of the argument `columns[1][data]` leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Online Exam System version 1.0, consider disabling the `columns[1][data]` argument in the POST Parameter Handler to prevent SQL injection attacks until a patch is available. Restrict access to the /jurusan/data file to minimize the risk of exploitation. Avoid using the `columns[1][data]` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Lost and Found Information System version 1.0 **Description** A critical vulnerability was found in the SourceCodester Lost and Found Information System. The issue affects an unknown functionality of the file "admin/?page=items/manage item" of the component GET Parameter Handler. The manipulation of the `id` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For version 1.0, consider disabling the `id` argument in the "admin/?page=items/manage item" endpoint until a patch is available. Restrict access to the GET Parameter Handler component to minimize the risk of exploitation. Avoid using the `id` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Lost and Found Information System version 1.0 **Description** A critical issue has been found in the component "admin/?page=items/view item" of the SourceCodester Lost and Found Information System, related to the lack of protection of the SQL query structure. The manipulation of the `id` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For SourceCodester Lost and Found Information System version 1.0, as a temporary workaround, consider restricting access to the "admin/?page=items/view item" endpoint until a patch is available. Avoid using the `id` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Lost and Found Information System version 1.0 **Description** A critical issue has been discovered, affecting an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the `id` argument leads to sql injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Lost and Found Information System version 1.0, consider restricting access to the `items/view.php` file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected GET Parameter Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Lost and Found Information System version 1.0 **Description** A problematic issue affects the Contact Form component, specifically the file classes/Master.php?f=save inquiry. The manipulation of the `fullname`, `contact`, or `message` arguments leads to cross-site scripting. This issue can be initiated remotely. **Recommendations** For SourceCodester Lost and Found Information System version 1.0, consider disabling the Contact Form component until a patch is available. Restrict access to the classes/Master.php file to minimize the risk of exploitation. Avoid using the `fullname`, `contact`, and `message` arguments in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Lost and Found Information System version 1.0 **Description** A critical issue has been found, affecting the file "admin/?page=user/manage user". This leads to improper access controls, and the attack can be initiated remotely. The issue affects unknown code, allowing for potential exploitation. **Recommendations** For SourceCodester Lost and Found Information System version 1.0, consider restricting access to the "admin/?page=user/manage user" endpoint until a patch is available. As a temporary workaround, review and limit user permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Lost and Found Information System version 1.0 **Description** A vulnerability has been found in the system, classified as problematic, affecting an unknown functionality of the file admin/. The manipulation of the `page` argument leads to cross site scripting. The attack can be launched remotely. **Recommendations** For SourceCodester Lost and Found Information System version 1.0, consider restricting access to the admin/ file to minimize the risk of exploitation. As a temporary workaround, avoid using the `page` argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Lost and Found Information System version 1.0 **Description** A critical issue affects the GET Parameter Handler component in the file admin/?page=categories/view category, where the manipulation of the `id` argument leads to sql injection. This issue can be initiated remotely. **Recommendations** For SourceCodester Lost and Found Information System version 1.0, as a temporary workaround, consider restricting access to the `admin/?page=categories/view category` endpoint until a patch is available. Avoid using the `id` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Lost and Found Information System version 1.0 **Description** A critical issue was found in the function `manager category` of the file `admin/?page=categories/manage category` of the component GET Parameter Handler. The manipulation of the argument `id` leads to sql injection. The attack may be launched remotely. **Recommendations** For SourceCodester Lost and Found Information System version 1.0, consider disabling the `manager category` function until a patch is available. Restrict access to the `admin/?page=categories/manage category` endpoint to minimize the risk of exploitation. Avoid using the `id` argument in the affected API endpoint until the issue is resolved.