Albadove

**Name of the Vulnerable Software and Affected Versions** code-projects Online Ordering System version 1.0 **Description** A critical issue exists in the processing of the `/admin/edit product.php` file. Manipulation of the `image` argument allows for unrestricted file upload. This issue may be initiated remotely and has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/edit product.php` file until a fix is available.

Name of the Vulnerable Software and Affected Versions: code-projects Inventory Management System version 1.0 Description: A critical vulnerability has been found in the code-projects Inventory Management System, affecting an unknown functionality of the file /php action/removeBrand.php. The manipulation of the `brandId` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the functionality related to the /php action/removeBrand.php file until a patch is available. Restrict access to the `brandId` argument in the affected API endpoint to minimize the risk of exploitation. Avoid using the `brandId` argument in the /php action/removeBrand.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Inventory Management System version 1.0 Description: A critical issue affects some unknown functionality of the file /php action/createProduct.php. The manipulation of the `productName` argument leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For code-projects Inventory Management System version 1.0, as a temporary workaround, consider disabling the functionality related to the `/php action/createProduct.php` file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the `productName` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0 Description: A critical vulnerability has been found in the code-projects Online Shoe Store. The issue affects an unknown functionality of the file /function/customer signup.php. The manipulation of the `email` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For code-projects Online Shoe Store version 1.0, as a temporary workaround, consider restricting access to the /function/customer signup.php file until a patch is available. Avoid using the `email` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.