Xtxxueyan

**Name of the Vulnerable Software and Affected Versions** Online Food Ordering System version 2.0 **Description** The issue allows attackers to execute arbitrary code via uploading a crafted PHP file, exploiting an arbitrary file upload vulnerability in the component "/admin/ajax.php?action=save menu". **Recommendations** For Online Food Ordering System version 2.0, consider disabling the "/admin/ajax.php?action=save menu" endpoint until a patch is available to prevent arbitrary file uploads. Restrict access to this component to minimize the risk of exploitation. Avoid using this endpoint for file uploads until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Dynamic Transaction Queuing System version 1.0 **Description** The issue concerns SQL Injection, which can be exploited via the `/queuing/index.php?page=display&id=` endpoint. The `id` parameter is vulnerable to SQL injection attacks. **Recommendations** For Sourcecodester Dynamic Transaction Queuing System version 1.0, as a temporary workaround, consider restricting access to the `/queuing/index.php?page=display&id=` endpoint until a patch is available. Avoid using the `id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** Sourcecodester Simple E-Learning System versão 1.0 **Descrição** Foi detectada uma vulnerabilidade de injeção de SQL no endpoint /vcs/classRoom.php, especificamente no parâmetro `classCode`. Isso permite possíveis ataques de injeção de SQL. **Recomendações** Para o Sourcecodester Simple E-Learning System versão 1.0, considere restringir o acesso ao endpoint /vcs/classRoom.php até que uma correção esteja disponível. Como solução temporária, evite usar o parâmetro `classCode` no endpoint afetado para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para este problema.