Antiz

**Name of the Vulnerable Software and Affected Versions** saiftheboss7 onlinemcqexam versions prior to 0e56806132971e49721db3ef01868098c7b42ada **Description** A SQL injection issue exists in saiftheboss7 onlinemcqexam. The issue is located in the file `/admin/quesadd.php` and involves manipulation of the `ans1`/`ans2` arguments. This allows for remote exploitation. The exploit has been publicly released. The vendor was contacted but did not respond. **Recommendations** Versions prior to 0e56806132971e49721db3ef01868098c7b42ada should be updated. As a temporary workaround, restrict access to the `/admin/quesadd.php` file to minimize the risk of exploitation. Avoid using the `ans1` and `ans2` parameters in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** kidaze CourseSelectionSystem versions prior to 42cd892b40a18d50bd4ed1905fa89f939173a464 **Description** A flaw exists in kidaze CourseSelectionSystem that allows for remote SQL injection. The issue is located in the `/Profilers/SProfile/login1.php` file, specifically through manipulation of the `Username` argument within an unknown function. The exploit is publicly available. **Recommendations** Versions prior to 42cd892b40a18d50bd4ed1905fa89f939173a464 should be updated. As a temporary workaround, restrict access to the `/Profilers/SProfile/login1.php` file. Sanitize the `Username` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** kidaze CourseSelectionSystem versions prior to 42cd892b40a18d50bd4ed1905fa89f939173a464 **Description** A security flaw exists in kidaze CourseSelectionSystem. Manipulation of the `USN` argument in the `/Profilers/SProfile/reg.php` file can lead to SQL injection. The attack can be initiated remotely. The exploit has been publicly released. **Recommendations** Apply updates to kidaze CourseSelectionSystem to a version later than 42cd892b40a18d50bd4ed1905fa89f939173a464.