Zhangwang

**Name of the Vulnerable Software and Affected Versions** code-projects Agro-School Management System version 1.0 **Description** A critical issue has been found in the system. The `doUpdateQuestion` function of the file `btn functions.php` is affected. The manipulation of the `question id` argument leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Agro-School Management System version 1.0, consider disabling the `doUpdateQuestion` function until a patch is available. Restrict access to the `btn functions.php` file to minimize the risk of exploitation. Avoid using the `question id` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** code-projects Agro-School Management System version 1.0 **Description** A vulnerability has been found in the code-projects Agro-School Management System, affecting the function `doAddQuestion` of the file `btn functions.php`. The manipulation of the argument `Question` leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For version 1.0, consider disabling the `doAddQuestion` function until a patch is available to prevent cross-site scripting attacks. Restrict access to the `btn functions.php` file to minimize the risk of exploitation. Avoid using the `Question` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** code-projects Agro-School Management System version 1.0 **Description** A critical issue affects the Attachment Image Handler component, specifically the file btn functions.php, leading to unrestricted upload. The attack can be initiated remotely. **Recommendations** For code-projects Agro-School Management System version 1.0, consider disabling the Attachment Image Handler component until a patch is available. Restrict access to the btn functions.php file to minimize the risk of exploitation. Avoid using the Attachment Image Handler feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Agro-School Management System version 1.0 **Description** A critical issue was found in the system, affecting an unknown function of the file index.php. The manipulation of the `password` argument leads to sql injection, allowing for remote attacks. **Recommendations** For version 1.0, consider disabling the affected function in index.php until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. Avoid using the `password` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.