Sk3L10X1Ng

**Name of the Vulnerable Software and Affected Versions** SourceCodester Music Gallery Site version 1.0 **Description** A critical issue affects the processing of the file view category.php, where the manipulation of the `id` argument leads to sql injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Music Gallery Site version 1.0, consider temporarily restricting access to the view category.php file until a patch is available. As a mitigation measure, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Music Gallery Site version 1.0 **Description** A critical issue has been found, affecting an unknown function of the file /admin/?page=user/manage. The manipulation of the `id` argument leads to sql injection, allowing for remote attacks. **Recommendations** For SourceCodester Music Gallery Site version 1.0, consider disabling access to the /admin/?page=user/manage file until a patch is available. Restrict the use of the `id` argument in this context to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Medical Certificate Generator App version 1.0 **Description** A problem was found in the New Record Handler component. The issue arises from the manipulation of arguments such as `Firstname`, `Middlename`, `Lastname`, `Suffix`, `Nationality`, `Doctor Fullname`, and `Doctor Suffix` with malicious input, like "><script>prompt(1)</script>, leading to cross-site scripting. This can be initiated remotely. **Recommendations** For version 1.0, consider disabling the New Record Handler component or restricting the input for the affected arguments until a fix is available. Avoid using the arguments `Firstname`, `Middlename`, `Lastname`, `Suffix`, `Nationality`, `Doctor Fullname`, and `Doctor Suffix` with unvalidated input to minimize the risk of exploitation.