Anx0Ing

**Name of the Vulnerable Software and Affected Versions** SourceCodester eLearning System version 1.0 **Description** A critical issue was found in the SourceCodester eLearning System, affecting the /admin/students/manage.php file. The manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For SourceCodester eLearning System version 1.0, consider restricting access to the /admin/students/manage.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue concerns SQL injection vulnerability in the `/card/in-card.php` file, specifically affecting the `id no` parameters. This allows for potential exploitation by injecting malicious SQL code. **Recommendations** For Library Management System version 1.0, consider restricting access to the `/card/in-card.php` file or disabling the `id no` parameters to minimize the risk of SQL injection exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Simple Online Book Store System version 1.0 **Description** The issue concerns Cross Site Scripting (XSS) in the /admin book.php file, where the `Title`, `Author`, and `Description` parameters are vulnerable. This allows for potential malicious script injection. **Recommendations** For Simple Online Book Store System version 1.0, consider validating and sanitizing user input for the `Title`, `Author`, and `Description` parameters in the /admin book.php file to prevent XSS attacks. As a temporary workaround, restrict access to the /admin book.php file until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Class and Exam Scheduling System version 1.0 **Description** A critical vulnerability has been found in the SourceCodester Online Class and Exam Scheduling System. The issue is related to an unknown function of the file /pages/class sched.php. The manipulation of the `class` argument with a specific input leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the `class` argument in the /pages/class sched.php file until a patch is available. Restrict access to the /pages/class sched.php file to minimize the risk of exploitation. Avoid using the `class` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Class and Exam Scheduling System version 1.0 **Description** A critical vulnerability was found in the SourceCodester Online Class and Exam Scheduling System, affecting an unknown functionality of the file /pages/faculty sched.php. The manipulation of the `faculty` argument with a specific input leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the /pages/faculty sched.php file until a patch is available. Avoid using the `faculty` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Apartment Visitor Management System version 1.0 **Description** A critical issue has been found, affecting an unknown part of the file index.php. The manipulation of the `username` argument with a specific input leads to SQL injection. This can be initiated remotely. **Recommendations** For SourceCodester Apartment Visitor Management System version 1.0, consider restricting access to the `index.php` file until a patch is available. As a temporary workaround, avoid using the `username` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Interview Management System version 1.0 **Description** A problematic issue was found in the system, affecting the processing of the file /addQuestion.php. The manipulation of the `question` argument with the input `<script>alert(1)</script>` leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For SourceCodester Interview Management System version 1.0, consider validating and sanitizing user input for the `question` argument in the /addQuestion.php file to prevent cross-site scripting attacks. As a temporary workaround, restrict access to the /addQuestion.php file until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Interview Management System version 1.0 **Description** A critical issue affects the processing of the file /viewReport.php, where the manipulation of the `id` argument with a specific input leads to SQL injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Interview Management System version 1.0, consider restricting access to the /viewReport.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Church Management System version 1.0 **Description** A critical issue has been discovered, allowing for SQL injection. This is achieved by manipulating the `username` argument in the `/login.php` file with a specifically crafted input. The issue can be exploited remotely. **Recommendations** For SourceCodester Church Management System version 1.0, as a temporary workaround, consider restricting access to the `/login.php` file or disabling the `username` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Food Ordering System version 1.0 **Description** A problematic issue was found in the system, affecting the /login.php file. The manipulation of the `email` and `password` arguments with the input "><ScRiPt>alert(1)</sCrIpT> leads to cross-site scripting. This issue can be initiated remotely. **Recommendations** For SourceCodester Simple Food Ordering System version 1.0, as a temporary workaround, consider restricting access to the `/login.php` file or validating and sanitizing user input for the `email` and `password` arguments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Apartment Visitor Management System version 1.0 **Description** A problematic issue has been found, affecting the /manage-apartment.php file. The manipulation of the `Apartment Number` argument with the input `<script>alert(1)</script>` leads to cross-site scripting. This issue can be initiated remotely. **Recommendations** For SourceCodester Apartment Visitor Management System version 1.0, consider restricting the input for the `Apartment Number` argument to prevent cross-site scripting attacks until a fix is available. As a temporary workaround, restrict access to the /manage-apartment.php file to minimize the risk of exploitation.