Bit3Hh

**Name of the Vulnerable Software and Affected Versions** SourceCodester Storage Unit Rental Management System version 1.0 **Description** A problematic vulnerability was found in the SourceCodester Storage Unit Rental Management System. This issue affects the file classes/Users.php?f=save, leading to unrestricted upload. The attack can be initiated remotely. **Recommendations** For version 1.0, consider restricting access to the `classes/Users.php?f=save` file to minimize the risk of exploitation. As a temporary workaround, avoid using the file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Tours & Travels Management System version 1.0 **Description** A vulnerability was found in the SourceCodester Online Tours & Travels Management System, allowing for unrestricted upload due to the manipulation of the `img` argument in an unknown function of the file admin/ab.php. This issue can be exploited remotely. **Recommendations** For SourceCodester Online Tours & Travels Management System version 1.0, consider disabling the upload functionality related to the `img` argument until a patch is available to prevent unrestricted file uploads. Restrict access to the admin/ab.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Graduate Tracer System version 1.0 **Description** A critical issue was found in the software, affecting the `mysqli query` function of the file `bsitemp.php`. The manipulation of the `id` argument leads to SQL injection. It is possible to initiate the attack remotely. The issue has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the `mysqli query` function in the `bsitemp.php` file until a patch is available. Restrict access to the `bsitemp.php` file to minimize the risk of exploitation. Avoid using the `id` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Yoga Class Registration System version 1.0 **Description** A vulnerability was found in the SourceCodester Yoga Class Registration System. It affects the function query of the file admin/user/list.php. The manipulation of the `name` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For SourceCodester Yoga Class Registration System version 1.0, consider disabling the query function in the admin/user/list.php file until a patch is available. Restrict access to the admin/user/list.php file to minimize the risk of exploitation. Avoid using the `name` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Tours & Travels Management System version 1.0 **Description** A vulnerability was found in the system, affecting the processing of the file admin/traveller details.php. The manipulation of the `address` argument leads to cross-site scripting. The attack may be initiated remotely. **Recommendations** For SourceCodester Online Tours & Travels Management System version 1.0, consider disabling the `address` argument in the admin/traveller details.php file until a patch is available. Restrict access to the admin/traveller details.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Yoga Class Registration System version 1.0 **Description** A critical issue was found in the system, affecting the `query` function of the file `admin/categories/manage category.php`. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Yoga Class Registration System version 1.0, consider restricting access to the `manage category.php` file until a fix is available. As a temporary workaround, avoid using the `id` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Graduate Tracer System version 1.0 **Description** A critical issue affects the function `mysqli query` of the file `admin cs.php`, leading to sql injection. The attack may be initiated remotely. The exploitation is known to be difficult, but the exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Online Graduate Tracer System version 1.0, consider disabling the `mysqli query` function in the `admin cs.php` file as a temporary workaround until a patch is available. Restrict access to the `admin cs.php` file to minimize the risk of exploitation. Avoid using the `mysqli query` function in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.