Acmglz

**Name of the Vulnerable Software and Affected Versions** Codezips Online Shopping Portal version 1.0 **Description** A critical issue has been found in the software, allowing for SQL injection through the manipulation of the `username` argument in an unknown function of the file index.php. This can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For Codezips Online Shopping Portal version 1.0, as a temporary workaround, consider restricting access to the `index.php` file or disabling the unknown function that handles the `username` argument until a patch is available. Avoid using the `username` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: vedees wcms versions up to 0.3.2 Description: A critical vulnerability was found in vedees wcms, affecting an unknown functionality of the file /wex/finder.php. The manipulation of the `p` argument leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. There are reports of elevated activities targeting vedees wcms. Recommendations: For versions up to 0.3.2, as a temporary workaround, consider restricting access to the /wex/finder.php file until a patch is available. Avoid manipulating the `p` argument in the affected file to minimize the risk of exploitation. Review logs for signs of compromise. Patch immediately when a fix is available.

Name of the Vulnerable Software and Affected Versions: SourceCodester Record Management System version 1.0 Description: A vulnerability has been found in the SourceCodester Record Management System, classified as problematic. This issue affects unknown code of the file search user.php. The manipulation of the `search` argument leads to cross-site scripting. The attack can be initiated remotely. Recommendations: For SourceCodester Record Management System version 1.0, consider restricting access to the search user.php file until a patch is available. As a temporary workaround, avoid using the `search` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Record Management System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Record Management System, affecting an unknown part of the file sort1 user.php. The manipulation of the `position` argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester Record Management System version 1.0, consider disabling access to the file sort1 user.php or restricting the manipulation of the `position` argument until a patch is available. As a temporary workaround, avoid using the `position` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ClassCMS version 4.8 Description: A vulnerability was found in ClassCMS, affecting an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Recommendations: As a temporary workaround, consider disabling access to the /index.php/admin file of the Logo Handler component until a patch is available. Restrict access to the Logo Handler component to minimize the risk of exploitation. Monitor for updates and apply patches as soon as they are released.

Name of the Vulnerable Software and Affected Versions: ClassCMS version 4.8 Description: A vulnerability has been found in ClassCMS, affecting some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the `Title` argument leads to basic cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For ClassCMS version 4.8, upgrade to version 4.9 to mitigate risks. As a temporary workaround, consider restricting access to the `/index.php/admin` endpoint and the `Title` argument in the Article Handler component until the issue is resolved. Monitor for updates and apply patches as they become available.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Faculty Evaluation System version 1.0 **Description** The issue concerns SQL Injection via the "/eval/admin/manage subject.php?id=" endpoint. This allows for potential manipulation of database queries by injecting malicious SQL code. **Recommendations** For Sourcecodester Faculty Evaluation System version 1.0, as a temporary workaround, consider restricting access to the "/eval/admin/manage subject.php?id=" endpoint until a patch is available. Avoid using the `id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Faculty Evaluation System version 1.0 **Description** The issue is related to SQL Injection, which can be exploited via the "/eval/admin/manage class.php?id=" endpoint. The `id` variable is vulnerable to injection attacks. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Sourcecodester Faculty Evaluation System version 1.0, consider disabling access to the "/eval/admin/manage class.php" endpoint until a patch is available. Restrict the use of the `id` variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Faculty Evaluation System version 1.0 **Description** The issue is related to SQL Injection, which can be exploited via the "/eval/admin/view faculty.php?id=" endpoint. This allows for potential manipulation of database queries. **Recommendations** For Sourcecodester Faculty Evaluation System version 1.0, consider restricting access to the "/eval/admin/view faculty.php" endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Faculty Evaluation System version 1.0 **Description** The issue concerns SQL Injection vulnerability via the "/eval/index.php?page=edit faculty&id=" endpoint. This allows for potential exploitation by injecting malicious SQL code. **Recommendations** For Sourcecodester Faculty Evaluation System version 1.0, as a temporary workaround, consider restricting access to the "/eval/index.php?page=edit faculty&id=" endpoint until a patch is available. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.