Ace

**Name of the Vulnerable Software and Affected Versions** House Rental System (affected versions not specified) **Description** A critical issue was found in the House Rental System, affecting some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the `id photo` argument leads to unrestricted upload. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** House Rental System (affected versions not specified) **Description** A critical vulnerability has been found in the House Rental System, affecting an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the `search property` argument leads to sql injection. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the vulnerable `search-property.php` file or disabling the manipulation of the `search property` argument in the POST Request Handler to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** House Rental System (affected versions not specified) **Description** A critical issue was found in the House Rental System, affecting an unknown function of the file /view-property.php. The manipulation of the `property id` argument leads to sql injection. It is possible to launch the attack remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /view-property.php file or disabling the manipulation of the `property id` argument to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FeMiner wms (affected versions not specified) **Description** A critical issue has been found in FeMiner wms, affecting some unknown functionality of the file "/product/savenewproduct.php?flag=1". The manipulation of the `upfile` argument leads to unrestricted upload. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the "/product/savenewproduct.php?flag=1" endpoint to minimize the risk of exploitation. Avoid using the `upfile` argument in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Movie Ticket Booking System (affected versions not specified) **Description** A critical issue was found in the Movie Ticket Booking System, affecting the file booking.php. The manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Movie Ticket Booking System (affected versions not specified) **Description** A critical issue has been found in the Movie Ticket Booking System, affecting the processing of the file editBooking.php. The manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Movie Ticket Booking System (affected versions not specified) **Description** A problematic issue was found in the Movie Ticket Booking System, affecting some unknown functionality of the file editBooking.php. This issue leads to cross site scripting and can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Movie Ticket Booking System (affected versions not specified) **Description** A problematic issue has been found in the Movie Ticket Booking System, affecting an unknown functionality of the file booking.php. The manipulation of the `id` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Movie Ticket Booking System (affected versions not specified) **Description** A problematic issue was found in the Movie Ticket Booking System, affecting an unknown function of the component POST Request Handler. The manipulation of the `ORDER ID` argument leads to cross-site scripting. It is possible to launch the attack remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rickxy Stock Management System (affected versions not specified) **Description** A critical issue was found in the rickxy Stock Management System, affecting some unknown functionality of the file /pages/processlogin.php. The manipulation of the `user`/`password` argument leads to sql injection. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/pages/processlogin.php` file to minimize the risk of exploitation. Avoid using the `user` and `password` arguments in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** rickxy Stock Management System (affected versions not specified) **Description** A vulnerability was found in the rickxy Stock Management System, affecting unknown code in the file /pages/processlogin.php. The manipulation of the `user` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rickxy Stock Management System (affected versions not specified) **Description** A vulnerability was found in the rickxy Stock Management System, classified as problematic. This issue affects some unknown processing of the file "us transac.php?action=add", leading to cross-site request forgery. The attack may be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hostel Searching Project (affected versions not specified) **Description** A critical issue has been found in the Hostel Searching Project, affecting the file view-property.php. The manipulation of the `property id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Student Attendance Management System (affected versions not specified) **Description** A vulnerability was found in the Student Attendance Management System, classified as problematic. It affects an unknown function of the file createClass.php. The manipulation of the `className` argument leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Student Attendance Management System (affected versions not specified) **Description** A critical issue affects the Student Attendance Management System, specifically the file /Admin/createClass.php. The manipulation of the `Id` argument leads to sql injection. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hospital Management Center (affected versions not specified) **Description** A critical issue has been found in Hospital Management Center, affecting an unknown function of the file patient-info.php. The manipulation of the `pt id` argument leads to sql injection. It is possible to launch the attack remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sports Club Management System version 119 **Description** A critical issue was found in the Sports Club Management System, affecting the file admin/make payments.php. The manipulation of the `m id/plan` argument leads to SQL injection. It is possible to initiate the attack remotely. The issue has been publicly disclosed and may be exploited. **Recommendations** For Sports Club Management System version 119, consider disabling access to the `admin/make payments.php` file until a patch is available. Restrict the manipulation of the `m id/plan` argument to minimize the risk of SQL injection. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Hospital Management Center (affected versions not specified) **Description** A problematic vulnerability was found in Hospital Management Center, affecting an unknown functionality of the file appointment.php. This vulnerability leads to cross-site request forgery and can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MonikaBrzica scm (affected versions not specified) **Description** A critical issue was found in MonikaBrzica scm, affecting an unknown part of the file uredi korisnika.php. The manipulation of the `id` argument leads to sql injection. It is possible to initiate the attack remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pingkon HMS-PHP (affected versions not specified) **Description** A critical issue affects the processing of the file admin/adminlogin.php, where the manipulation of the `uname/pass` argument leads to sql injection. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.