Burak Sevben

Name of the Vulnerable Software and Affected Versions: SourceCodester Event Registration System version 1.0 Description: A critical issue was found in the SourceCodester Event Registration System, affecting an unknown part of the file portal.php. The manipulation of the `username` and `password` arguments leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester Event Registration System version 1.0, consider disabling the `portal.php` file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `username` and `password` arguments in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Barangay Population Monitoring System version 1.0 **Description** The system contains a cross-site scripting (XSS) vulnerability in the Add Resident function at "/barangay-population-monitoring-system/masterlist.php". This issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Full Name` parameter. **Recommendations** For Barangay Population Monitoring System version 1.0, consider disabling the Add Resident function at "/barangay-population-monitoring-system/masterlist.php" until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the `Full Name` parameter in the affected function to minimize the risk of arbitrary script execution.

**Name of the Vulnerable Software and Affected Versions** Simple Expense Tracker version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `expense` parameter at the "/endpoint/delete expense.php" API endpoint. **Recommendations** For Simple Expense Tracker version 1.0, consider restricting access to the "/endpoint/delete expense.php" endpoint until a patch is available. As a temporary workaround, avoid using the `expense` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Employee Managment System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/delete.php" API endpoint. **Recommendations** For Employee Managment System version 1.0, as a temporary workaround, consider restricting access to the "/delete.php" endpoint until a patch is available. Avoid using the `id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Employee Managment System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/edit.php" API endpoint. **Recommendations** For Employee Managment System version 1.0, consider restricting access to the "/edit.php" endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Employee Managment System version 1.0 **Description** An issue in the Employee Managment System allows attackers to bypass authentication via injecting a crafted payload into the `E-mail` and `Password` parameters at the "/alogin.html" API endpoint. **Recommendations** For Employee Managment System version 1.0, as a temporary workaround, consider restricting access to the "/alogin.html" API endpoint until a patch is available. Avoid using the `E-mail` and `Password` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Employee Managment System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `pwd` parameter at the "/aprocess.php" API endpoint. **Recommendations** For Employee Managment System version 1.0, consider restricting access to the "/aprocess.php" API endpoint to minimize the risk of exploitation. Avoid using the `pwd` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Employee Managment System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `mailud` parameter at the "/aprocess.php" API endpoint. **Recommendations** For Employee Managment System version 1.0, consider restricting access to the "/aprocess.php" API endpoint to minimize the risk of exploitation. Avoid using the `mailud` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Medicine Ordering System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/omos/?p=products/view product" API endpoint. **Recommendations** For Online Medicine Ordering System version 1.0, consider restricting access to the `/omos/?p=products/view product` API endpoint to minimize the risk of exploitation. Avoid using the `id` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Barangay Population Monitoring System version 1.0 **Description** The system contains a cross-site scripting (XSS) vulnerability in the Add Resident function at "/barangay-population-monitoring-system/masterlist.php". This issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Contact Number` parameter. **Recommendations** For Barangay Population Monitoring System version 1.0, as a temporary workaround, consider restricting access to the Add Resident function at "/barangay-population-monitoring-system/masterlist.php" to minimize the risk of exploitation. Avoid using the `Contact Number` parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Task Manager App version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Task Name` parameter in the "/TaskManager/Task.php" API endpoint. **Recommendations** For Task Manager App version 1.0, consider disabling the Task Name parameter in the /TaskManager/Task.php endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `Task Name` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Task Manager App version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `taskID` parameter at the "/TaskManager/EditTask.php" API endpoint. **Recommendations** For Task Manager App version 1.0, consider disabling the `taskID` parameter in the "/TaskManager/EditTask.php" endpoint until a patch is available. Restrict access to the "/TaskManager/EditTask.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Task Manager App version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Note Section` parameter at "/TaskManager/Tasks.php". This enables attackers to potentially manipulate the application's behavior or steal user data. **Recommendations** For Task Manager App version 1.0, consider disabling the Note Section parameter in the /TaskManager/Tasks.php endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary script execution.

**Name of the Vulnerable Software and Affected Versions** Task Manager App version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `projectID` parameter at the "/TaskManager/EditProject.php" API endpoint. **Recommendations** For Task Manager App version 1.0, consider disabling access to the `/TaskManager/EditProject.php` endpoint until a patch is available. As a temporary workaround, restrict the use of the `projectID` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Admin Panel App version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `orderID` parameter at the "/adminView/viewEachOrder.php" API endpoint. **Recommendations** For Simple Admin Panel App version 1.0, consider restricting access to the "/adminView/viewEachOrder.php" endpoint until a patch is available. As a temporary workaround, avoid using the `orderID` parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Admin Panel App version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Size Number` parameter under the `Add Size` function. **Recommendations** For Simple Admin Panel App version 1.0, consider disabling the `Add Size` function until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the `Size Number` parameter to minimize the risk of arbitrary script execution.

**Name of the Vulnerable Software and Affected Versions** Simple Admin Panel App version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Category Name` parameter under the `Add Category` function. **Recommendations** For Simple Admin Panel App version 1.0, consider disabling the `Add Category` function until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the `Category Name` parameter to minimize the risk of arbitrary script execution.

**Name of the Vulnerable Software and Affected Versions** Simple Admin Panel App version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Category Name` parameter under the `Add Category` function. **Recommendations** For Simple Admin Panel App version 1.0, consider disabling the `Add Category` function until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the `Category Name` parameter to minimize the risk of arbitrary web script execution.

**Name of the Vulnerable Software and Affected Versions** Task Manager App version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Project Name` parameter in the "/TaskManager/Projects.php" API endpoint. This enables attackers to potentially manipulate the application's behavior or steal user data. **Recommendations** For Task Manager App version 1.0, consider disabling the `Project Name` parameter in the "/TaskManager/Projects.php" API endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary script execution. At the moment, there is no information about a newer version that contains a fix for this issue.