Aaditya Singh Rajawat

**Name of the Vulnerable Software and Affected Versions** Student Enrollment In PHP version 1.0 **Description** The issue allows attackers to run arbitrary code via the Student Search function. This is a SQL Injection vulnerability, which means attackers can inject malicious SQL code to manipulate the database. The `Student Search` function is the vulnerable endpoint. **Recommendations** For version 1.0, consider disabling the `Student Search` function until a patch is available to prevent exploitation. Restrict access to the database to minimize the risk of arbitrary code execution. Avoid using user-inputted data directly in SQL queries to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Agro-School Management System version 1.0 **Description** The issue allows attackers to run arbitrary code via the Login page. This is due to a SQL Injection vulnerability. **Recommendations** For Agro-School Management System version 1.0, consider disabling the Login page functionality until a patch is available. Restrict access to the Login page to minimize the risk of exploitation. Avoid using user input in SQL queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-projects Computer Science Time Table System version 1.0 **Description** The issue allows attackers to run arbitrary code via the "adminFormvalidation.php" endpoint. This can be exploited by injecting malicious SQL code, potentially leading to unauthorized access or data manipulation. **Recommendations** For Code-projects Computer Science Time Table System version 1.0, consider restricting access to the "adminFormvalidation.php" endpoint until a patch is available. As a temporary workaround, validate and sanitize all user input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Student Enrollment In PHP version 1.0 **Description** The issue is related to an arbitrary file upload vulnerability in the Add Student's Profile Picture function. This allows attackers to execute arbitrary code by uploading a crafted PHP file. **Recommendations** For version 1.0, consider disabling the Add Student's Profile Picture function until a patch is available to prevent exploitation. Restrict access to file upload functionality to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-Projects Exam Form Submission version 1.0 **Description** The issue allows attackers to run arbitrary code via the `Subject Name` and `Subject Code` sections, potentially leading to unauthorized actions. This is a Cross Site Scripting (XSS) issue. **Recommendations** For Code-Projects Exam Form Submission version 1.0, consider validating and sanitizing user input in the `Subject Name` and `Subject Code` sections to prevent the execution of arbitrary code. As a temporary workaround, restrict access to these sections until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** My Food Recipe Using PHP with Source Code version 1.0 **Description** The issue allows a local attacker to execute arbitrary code via a crafted payload to the `Recipe Name`, `Procedure`, and `ingredients` parameters. This enables the attacker to perform Cross Site Scripting attacks. **Recommendations** For My Food Recipe Using PHP with Source Code version 1.0, consider validating and sanitizing user input for the `Recipe Name`, `Procedure`, and `ingredients` parameters to prevent the execution of arbitrary code. As a temporary workaround, restrict access to these parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Scholars Tracking System version 1.0 **Description** The issue allows attackers to run arbitrary code via the `login.php` endpoint. This is achieved through a SQL Injection attack, where an attacker can inject malicious SQL code to manipulate the database. The `login.php` endpoint is vulnerable to this type of attack, potentially allowing unauthorized access and data manipulation. **Recommendations** For Scholars Tracking System version 1.0, consider disabling the `login.php` endpoint until a patch is available to prevent exploitation. Restrict access to the database to minimize the risk of data manipulation. Avoid using user-input data directly in SQL queries to prevent SQL Injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-projects Scholars Tracking System version 1.0 **Description** The issue allows attackers to run arbitrary code via the Personal Information Update information, potentially leading to unauthorized access and data manipulation. **Recommendations** For Code-projects Scholars Tracking System version 1.0, consider restricting access to the Personal Information Update feature until a patch is available. As a temporary workaround, avoid using the Personal Information Update functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-projects Scholars Tracking System version 1.0 **Description** The issue allows attackers to run arbitrary code via the News Feed, potentially leading to the execution of malicious scripts. This is a Cross Site Scripting (XSS) vulnerability. **Recommendations** For Code-projects Scholars Tracking System version 1.0, consider restricting access to the News Feed until a patch is available. As a temporary workaround, avoid using the News Feed feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-projects Scholars Tracking System version 1.0 **Description** The issue concerns SQL Injection under the Eligibility Information Update feature. This allows for potential manipulation of database queries, which could lead to unauthorized data access or modification. **Recommendations** For Code-projects Scholars Tracking System version 1.0, consider restricting access to the Eligibility Information Update feature until a patch is available. As a temporary workaround, avoid using user-inputted data directly in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Student Enrollment In PHP version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the Login function. **Recommendations** For version 1.0, consider disabling the Login function until a patch is available to prevent potential SQL injection attacks. Restrict access to the Login functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Hospital Management System version 1.0 **Description** A SQL injection issue was found in the Hospital Management System, specifically via the `doc number` parameter at the "his admin view single employee.php" endpoint. **Recommendations** For Hospital Management System version 1.0, consider restricting access to the `his admin view single employee.php` endpoint until a patch is available, and avoid using the `doc number` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Hospital Management System version 1.0 **Description** A SQL injection issue was found in the Hospital Management System. The vulnerability can be exploited via the `pat number` parameter at the "his doc view single patien.php" endpoint. **Recommendations** For Hospital Management System version 1.0, consider restricting access to the "his doc view single patien.php" endpoint until a patch is available. As a temporary workaround, avoid using the `pat number` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Online Flight Booking Management System version 1.0 **Description** The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `airline` parameter in the add-airline form. This enables the execution of malicious code on the client-side. **Recommendations** For Online Flight Booking Management System version 1.0, consider validating and sanitizing user input for the `airline` parameter to prevent the injection of malicious payloads. As a temporary workaround, restrict access to the add-airline form to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Online Flight Booking Management System version 1.0 **Description** The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `airline` parameter in the feedback form. This enables the execution of malicious code on the client-side. **Recommendations** For Online Flight Booking Management System version 1.0, consider validating and sanitizing user input in the feedback form to prevent the injection of malicious payloads into the `airline` parameter. As a temporary workaround, restrict access to the feedback form until a proper fix is implemented.

**Name of the Vulnerable Software and Affected Versions** Hospital Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `pat number` parameter at the "his admin view single patient.php" endpoint. **Recommendations** For Hospital Management System version 1.0, consider restricting access to the "his admin view single patient.php" endpoint until a patch is available. As a temporary workaround, avoid using the `pat number` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Lost and Found Information System version 1.0 **Description** The issue concerns an unauthenticated SQL Injection vulnerability at the "/items/view&id=*" endpoint, which can be escalated to remote command execution. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the "/items/view&id=*" endpoint until a patch is available. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects.org Online Job Portal version 1.0 **Description** The issue concerns SQL Injection via the `Username` parameter for "Employer." This allows for potential exploitation. **Recommendations** For code-projects.org Online Job Portal version 1.0, avoid using the `Username` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects.org Online Job Portal version 1.0 **Description** The issue is related to SQL Injection. It can be exploited via the "/Employer/DeleteJob.php?JobId=1" API endpoint, specifically through the `JobId` variable. This allows for potential unauthorized access and manipulation of data. **Recommendations** For code-projects.org Online Job Portal version 1.0, as a temporary workaround, consider restricting access to the "/Employer/DeleteJob.php" endpoint until a patch is available. Avoid using the `JobId` variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-projects Scholars Tracking System version 1.0 **Description** The issue is related to SQL Injection via the News Feed. **Recommendations** For Code-projects Scholars Tracking System version 1.0, as a temporary workaround, consider restricting access to the News Feed until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.