Wwesleywww

**Name of the Vulnerable Software and Affected Versions** Wavlink WN579X3 versions up to 20230615 **Description** A critical issue has been discovered, affecting an unknown function of the /cgi-bin/adm.cgi file in the Ping Test component. The manipulation of the `pingIp` argument leads to injection. This issue can be exploited remotely. **Recommendations** For Wavlink WN579X3 versions up to 20230615, consider restricting access to the /cgi-bin/adm.cgi file until a fix is available. As a temporary workaround, avoid using the `pingIp` argument in the affected Ping Test component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** C-DATA Web Management System up to 20230607 **Description** A critical issue affects the User Creation Handler component of the C-DATA Web Management System, specifically the file `/cgi-bin/jumpto.php?class=user&page=config save&isphp=1`. The manipulation of the `user/newpassword` argument leads to improper access controls, allowing remote attackers to potentially elevate their privileges by creating a new user. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/cgi-bin/jumpto.php?class=user&page=config save&isphp=1` endpoint until a patch is available. Avoid using the `user/newpassword` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EyouCms versions up to 1.6.2 **Description** A vulnerability was found in an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the `web ico` argument leads to cross site scripting. The attack can be launched remotely. **Recommendations** For EyouCms versions up to 1.6.2, consider disabling the `web ico` argument in the /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EyouCms version 1.5.4 **Description** A problematic issue was found in the New Picture Handler component, specifically in the file login.php, where an unknown function is affected. The manipulation of the `litpic loca` argument leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For EyouCms version 1.5.4, consider disabling the `litpic loca` argument in the login.php file until a patch is available. Restrict access to the New Picture Handler component to minimize the risk of exploitation. Avoid using the `litpic loca` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Young Entrepreneur E-Negosyo System version 1.0 **Description** A critical vulnerability has been found in the system, affecting an unknown function of the file admin/products/controller.php?action=add. The manipulation of the `image` argument leads to unrestricted upload. It is possible to launch the attack remotely. **Recommendations** For version 1.0, consider disabling the file upload functionality in the admin/products/controller.php?action=add endpoint until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the `image` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Young Entrepreneur E-Negosyo System version 1.0 **Description** A critical vulnerability was found in the SourceCodester Young Entrepreneur E-Negosyo System. The issue affects an unknown functionality of the file passwordrecover.php. The manipulation of the `phonenumber` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For version 1.0, consider disabling the `passwordrecover.php` file or restricting access to it until a patch is available. Avoid using the `phonenumber` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Young Entrepreneur E-Negosyo System version 1.0 **Description** A critical issue has been found in the system, affecting the file index.php?q=product. The manipulation of the `search` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For version 1.0, consider restricting access to the `index.php?q=product` endpoint until a patch is available. As a temporary workaround, avoid using the `search` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Young Entrepreneur E-Negosyo System version 1.0 **Description** A critical issue was found in the system, affecting an unknown part of the file login.php. The manipulation of the `U USERNAME` argument leads to sql injection. It is possible to initiate the attack remotely. **Recommendations** For version 1.0, consider disabling the login functionality in login.php until a patch is available to prevent sql injection attacks through the `U USERNAME` argument. Restrict access to the login.php file to minimize the risk of exploitation. Avoid using the `U USERNAME` argument in the affected login functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Young Entrepreneur E-Negosyo System version 1.0 **Description** A critical issue has been found in the system, affecting some unknown functionality of the file cart/controller.php?action=add. The manipulation of the `PROID` argument leads to sql injection. **Recommendations** For version 1.0, consider disabling the functionality related to the `cart/controller.php?action=add` endpoint until a patch is available. Restrict access to the `PROID` argument in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Earnings and Expense Tracker App version 1.0 **Description** A problematic vulnerability has been found in the software, affecting an unknown part of the file, specifically the "Master.php?a=save expense" endpoint. The manipulation of the `name` argument leads to cross-site scripting. It is possible to initiate the attack remotely. **Recommendations** For version 1.0, consider disabling the `save expense` functionality in the Master.php file until a patch is available. Restrict access to the "Master.php?a=save expense" endpoint to minimize the risk of exploitation. Avoid using the `name` argument in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Earnings and Expense Tracker App version 1.0 **Description** A problematic issue has been found in the processing of the file "LoginRegistration.php?a=register user". The manipulation of the `fullname` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For version 1.0, consider disabling the registration functionality in the "LoginRegistration.php?a=register user" file until a patch is available. Restrict access to the `fullname` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Task Allocation System version 1.0 **Description** A problematic issue has been discovered, allowing for cross-site scripting through the manipulation of the `Fullname` argument in the "LoginRegistration.php?a=register user" endpoint. This can be exploited remotely. **Recommendations** For SourceCodester Simple Task Allocation System version 1.0, consider restricting access to the "LoginRegistration.php?a=register user" endpoint until a fix is available, and avoid using the `Fullname` argument in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Automatic Question Paper Generator System version 1.0 **Description** A critical vulnerability has been found in the SourceCodester Automatic Question Paper Generator System. This issue affects an unknown part of the file classes/Users.php?f=save ruser. The manipulation of the `id` and `email` arguments leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For version 1.0, consider disabling the `save ruser` function in the classes/Users.php file until a patch is available. Restrict access to the `classes/Users.php?f=save ruser` endpoint to minimize the risk of exploitation. Avoid using the `id` and `email` arguments in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Automatic Question Paper Generator System version 1.0 **Description** A critical vulnerability was found in the SourceCodester Automatic Question Paper Generator System. This issue affects the file admin/courses/view class.php of the component GET Parameter Handler. The manipulation of the `id` argument leads to sql injection. The attack can be initiated remotely. **Recommendations** For version 1.0, consider disabling the `id` argument in the GET Parameter Handler to prevent sql injection until a patch is available. Restrict access to the admin/courses/view class.php file to minimize the risk of exploitation. Avoid using the `id` argument in the affected component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Automatic Question Paper Generator System version 1.0 **Description** A problematic issue has been found in the system, affecting the processing of the file classes/Master.php?f=save class. The manipulation of the `description` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For version 1.0, consider disabling the `save class` functionality in the classes/Master.php file until a patch is available. Restrict access to the `classes/Master.php?f=save class` endpoint to minimize the risk of exploitation. Avoid using the `description` argument in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester E-Commerce System version 1.0 **Description** A critical issue affects some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the `USERID` argument leads to improper access controls. The attack may be launched remotely. **Recommendations** For SourceCodester E-Commerce System version 1.0, consider disabling the `controller.php` file or restricting access to the `/ecommerce/admin/user/` endpoint until a patch is available. As a temporary workaround, avoid using the `USERID` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester E-Commerce System version 1.0 **Description** A problematic vulnerability was found in the SourceCodester E-Commerce System. The issue affects an unknown functionality of the file admin/user/controller.php?action=edit. The manipulation of the `U NAME` argument with the input `<script>alert('1')</script>` leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For version 1.0, consider disabling the `admin/user/controller.php?action=edit` endpoint until a patch is available. Restrict access to the `U NAME` argument in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester E-Commerce System version 1.0 **Description** A critical issue was found in the system, allowing for sql injection through the manipulation of the `U USERNAME` argument in an unknown function of the login.php file. This issue can be exploited remotely, but the complexity of the attack is rather high and the exploitability is difficult. **Recommendations** For SourceCodester E-Commerce System version 1.0, consider restricting access to the login.php file or the `U USERNAME` argument to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Alphaware Simple E-Commerce System version 1.0 **Description** A critical issue was found in the software, affecting unknown code. The manipulation of the `email` and `password` arguments with a specific input leads to SQL injection. The attack can be initiated remotely. The complexity of an attack is rather high, and the exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider temporarily restricting access to the login functionality to minimize the risk of exploitation. Avoid using the `email` and `password` arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Alphaware Simple E-Commerce System version 1.0 **Description** A critical issue has been found in the SourceCodester Alphaware Simple E-Commerce System, affecting an unknown part of the file admin/admin index.php. The manipulation of the `username` and `password` arguments with a specific input leads to SQL injection. This can be initiated remotely. The complexity of an attack is rather high, and the exploitability is difficult. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider temporarily restricting access to the admin/admin index.php file until a patch is available. As a mitigation measure, avoid using the `username` and `password` arguments in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.