Weqi

**Name of the Vulnerable Software and Affected Versions** SourceCodester Malawi Online Market version 1.0 **Description** A flaw exists in SourceCodester Malawi Online Market 1.0 that allows for SQL injection. The issue is located in the `/display.php` file, specifically through manipulation of the `ID` argument. This attack can be launched remotely. An exploit for this issue has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Food Ordering System version 1.0 **Description** A SQL injection issue exists in the SourceCodester Food Ordering System. The issue is located in the Parameter Handler component, specifically within the /purchase.php file. Manipulation of the `custom` argument can lead to SQL injection. The attack can be initiated remotely, and details of the exploit have been publicly disclosed. **Recommendations** Apply a fix to the vulnerable parameter `custom` in the /purchase.php file.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Library Management System version 1.0 **Description** A SQL injection issue exists in SourceCodester Online Library Management System version 1.0. Manipulating the `searchField` argument in a function within the /home.php file of the Parameter Handler component allows for remote exploitation. The exploit is publicly available. **Recommendations** Apply any available updates or patches for SourceCodester Online Library Management System version 1.0. As a temporary workaround, sanitize or validate the `searchField` input to prevent SQL injection attacks. Restrict access to the /home.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Admission System version 1.0 **Description** A flaw exists in SourceCodester Online Admission System 1.0. The issue affects an unknown function within the `/programmes.php` file. Manipulating the `program` argument can lead to SQL injection. The attack can be launched remotely. An exploit for this issue has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester E-Commerce Site version 1.0 **Description** A flaw exists in SourceCodester E-Commerce Site 1.0 where manipulation of the `Search` argument in the `/products.php` file leads to SQL injection. This issue can be exploited remotely. The exploit for this issue is publicly available. **Recommendations** Apply any available updates or patches for SourceCodester E-Commerce Site version 1.0. As a temporary workaround, consider sanitizing the `Search` parameter to prevent SQL injection attacks. Restrict access to the `/products.php` file if possible.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Catering Reservation version 1.0 **Description** A flaw exists in SourceCodester Online Catering Reservation 1.0 that allows for SQL injection. The issue is located in an unknown function within the `/search.php` file. Manipulating the `rcode` argument can lead to successful exploitation. This attack can be carried out remotely. An exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Eye Clinic Management System version 1.0 **Description** A security issue exists in SourceCodester Eye Clinic Management System 1.0. The vulnerability is due to SQL injection in an unknown functionality within the `/main/search index Diagnosis.php` file. Manipulation of the `Search` argument can lead to exploitation, and the exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** Codezips College Management System versão 1.0 **Descrição** Um problema crítico foi encontrado no Codezips College Management System, afetando alguma funcionalidade desconhecida do arquivo /university.php. A manipulação do argumento `book name` leva à injeção de SQL. O ataque pode ser lançado remotamente. O exploit foi divulgado publicamente e pode ser utilizado. **Recomendações** Para o Codezips College Management System versão 1.0, considere desabilitar a funcionalidade relacionada ao arquivo /university.php até que um patch esteja disponível. Como solução temporária, restrinja o acesso ao argumento `book name` no arquivo afetado para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.