Nomath

**Name of the Vulnerable Software and Affected Versions** code-projects Student Membership System version 1.0 **Description** A flaw exists in the User Registration Handler component of the software that allows for SQL injection. This issue can be exploited remotely through manipulation of the component’s processing. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Student Membership System version 1.0 **Description** A flaw exists in code-projects Student Membership System version 1.0 that allows for SQL injection. The issue is located in the `/delete member.php` file, specifically through manipulation of the `ID` argument. This allows for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** Apply any available updates to address the SQL injection issue in the `/delete member.php` file. As a temporary workaround, consider restricting access to the `/delete member.php` file until a patch is available. Sanitize the `ID` input parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** code-projects Student Membership System version 1.0 **Description** A flaw exists in code-projects Student Membership System version 1.0 that allows for sql injection. The issue is located in the `/delete user.php` file, specifically through manipulation of the `ID` argument within an unknown function. This allows for remote attacks. The exploit has been publicly released. **Recommendations** Apply a fix to address the sql injection issue in the `/delete user.php` file.

**Name of the Vulnerable Software and Affected Versions** code-projects Student Membership System version 1.0 **Description** A SQL injection issue exists in the Admin Login component of the software, specifically within the `/admin/index.php` file. Manipulation of the `username` and `password` arguments can trigger the injection. Remote exploitation is possible, and details of the issue have been publicly disclosed. **Recommendations** Apply a fix for version 1.0 to address the SQL injection issue in the `/admin/index.php` file.

**Name of the Vulnerable Software and Affected Versions** code-projects Simple Gym Management System version 1.0 **Description** A security issue exists in the Payment Handler component of code-projects Simple Gym Management System version 1.0. The manipulation of the `Payment id`, `Amount`, `customer id`, `payment type`, and `customer name` arguments can lead to SQL injection. Remote exploitation is possible. The exploit has been publicly disclosed. The affected API endpoint is not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.