Akhlak2511

Name of the Vulnerable Software and Affected Versions: itsourcecode Agri-Trading Online Shopping System version 1.0 Description: A business logic issue exists in the Add to Cart function, allowing remote attackers to manipulate the `quant` parameter when adding a product to the cart. By setting the quantity value to -0, an attacker can exploit a flaw in the application's total price calculation logic, reducing the total price to zero and allowing them to add items to the cart and proceed to checkout. Recommendations: For itsourcecode Agri-Trading Online Shopping System version 1.0, consider disabling the Add to Cart function until a patch is available to prevent exploitation of the business logic vulnerability. Restrict access to the `quant` parameter to minimize the risk of manipulation. As a temporary workaround, implement validation to ensure the quantity value is not set to -0 when adding products to the cart.

Name of the Vulnerable Software and Affected Versions: Code-projects Jonnys Liquor version 1.0 Description: A Reflected cross-site scripting (XSS) vulnerability in browse.php allows remote attackers to inject arbitrary web scripts or HTML via the `search` parameter. This issue enables attackers to execute malicious scripts on the victim's browser, potentially leading to unauthorized actions or data theft. Recommendations: For Code-projects Jonnys Liquor version 1.0, consider disabling the `search` parameter in the browse.php file as a temporary workaround until a patch is available. Restrict access to the browse.php module to minimize the risk of exploitation. Avoid using the `search` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Itsourcecode Online Furniture Shopping Project version 1.0 Description: A SQL injection issue in orderview1.php allows remote attackers to execute arbitrary SQL commands via the `id` parameter. This enables attackers to manipulate database queries, potentially leading to unauthorized data access or modification. Recommendations: For Itsourcecode Online Furniture Shopping Project version 1.0, consider disabling the orderview1.php file or restricting access to it until a patch is available. Avoid using the `id` parameter in the affected orderview1.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Itsourcecode Construction Management System version 1.0 Description: A SQL injection issue in the print.php file allows remote attackers to execute arbitrary SQL commands via the `map id` parameter. This enables attackers to potentially extract or modify sensitive data. The issue can be exploited by sending crafted requests to the vulnerable endpoint, allowing for unauthorized access to database resources. Recommendations: For Itsourcecode Construction Management System version 1.0, consider disabling the print.php file or restricting access to it until a patch is available. Avoid using the `map id` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, restrict access to the print.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Itsourcecode Construction Management System version 1.0 Description: A SQL injection issue in printtool.php allows remote attackers to execute arbitrary SQL commands via the `borrow id` parameter. This enables attackers to manipulate database queries, potentially leading to unauthorized data access or modification. Recommendations: For Itsourcecode Construction Management System version 1.0, as a temporary workaround, consider restricting access to the printtool.php file or disabling the `borrow id` parameter until a patch is available. Avoid using the `borrow id` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.