Ahmadmarzook

A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

**Name of the Vulnerable Software and Affected Versions** Simple ChatBox version 1.0 **Description** A flaw in the `SimpleChatbox PHP()` function within the `chatbox.sql` file of the Endpoint component allows for remote manipulation. This can lead to the exposure of sensitive file and directory information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Simple ChatBox versions prior to 1.1 **Description** A cross site scripting issue exists in the Endpoint component within the file '/chatbox/insert.php'. A remote attacker can exploit this by manipulating the `msg` argument. **Recommendations** Update to a version later than 1.0. As a temporary workaround, restrict access to the '/chatbox/insert.php' file or sanitize the `msg` argument to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions code-projects Patient Record Management System version 1.0 Description A weakness exists in code-projects Patient Record Management System 1.0, specifically within an unknown part of the `/db/hcpms.sql` file of the SQL Database Backup File Handler component. A manipulation can lead to information disclosure, and the attack can be launched remotely. The exploit has been made publicly available. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions code-projects Movie Ticketing System version 1.0 Description A vulnerability exists in the Movie Ticketing System that allows for information disclosure. The issue is related to the SQL Database Backup File Handler and involves manipulation of the `/db/moviedb.sql` file. The attack can be launched remotely and the exploit has been publicly disclosed. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

**Name of the Vulnerable Software and Affected Versions** code-projects Social Networking Site version 1.0 **Description** A security flaw exists in code-projects Social Networking Site 1.0. The issue affects an unknown function within the `delete photos.php` file of the Endpoint component. Manipulation of the `ID` parameter can lead to SQL injection. The attack can be carried out remotely. The exploit has been publicly released. **Recommendations** Apply a fix to address the SQL injection issue in the `delete photos.php` file. Restrict or disable access to the vulnerable function within the Endpoint component. Sanitize the `ID` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** code-projects Social Networking Site version 1.0 **Description** A cross site scripting issue exists due to the manipulation of the `content` argument within an unknown function of the file '/home.php' of the Alert Handler component. Remote exploitation is possible and the exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Reviewer System version 1.0 **Description** A security issue exists in code-projects Online Reviewer System version 1.0. Manipulation of the `Description` argument in an unknown function within the file `/system/system/students/assessments/databank/btn functions.php` can lead to cross site scripting. This attack can be performed remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Food Ordering System version 1.0 **Description** A weakness exists in code-projects Online Food Ordering System 1.0. The issue affects an unknown part of the file `/dbfood/localhost.sql`, potentially leading to unauthorized access to files or directories. The attack can be initiated remotely, and an exploit has been publicly released. Modifying the configuration settings is advised. **Recommendations** Modify the configuration settings.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Food Ordering System version 1.0 **Description** A security issue exists in code-projects Online Food Ordering System 1.0, specifically within an unknown functionality of the `/dbfood/food.php` file. Manipulation of the `cuisines` parameter leads to cross site scripting. This attack can be launched remotely. The exploit has been publicly released and may be used for attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Food Ordering System version 1.0 **Description** A flaw exists in code-projects Online Food Ordering System 1.0, specifically within an unknown functionality of the `/dbfood/contact.php` file. Manipulating the `Name` parameter can lead to cross site scripting. This attack can be initiated remotely, and a public exploit is available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Accounting System version 1.0 **Description** A SQL injection issue exists in code-projects Accounting System version 1.0. The issue is located in the `/my account/delete.php` file, within an unknown function. Manipulating the `cos id` argument allows for remote exploitation. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/my account/delete.php` file until a fix is available. Avoid using the parameter `cos id` in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** code-projects Accounting System version 1.0 **Description** A security issue exists in code-projects Accounting System version 1.0, specifically within the Web Application Interface component. Manipulation of the `costumer name` argument in the `/my account/add costumer.php` file can lead to cross site scripting. This attack can be performed remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Gym Management System versions prior to 1.1 **Description** A SQL injection issue exists in code-projects Simple Gym Management System. The issue is located in an unknown part of the `/gym/func.php` file. Manipulation of the `Trainer id`/`fname` argument can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed. **Recommendations** Update to version 1.1 or later. As a temporary workaround, sanitize the `Trainer id` and `fname` parameters before using them in SQL queries.