Chenkh

Name of the Vulnerable Software and Affected Versions Campcodes Complete Online Learning Management System version 1.0 Description A flaw exists in Campcodes Complete Online Learning Management System version 1.0 that allows for unrestricted file upload. This is due to a manipulation within the `add lesson` function located in the `/application/models/Crud model.php` file. The attack can be initiated remotely. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `add lesson` function or the `/application/models/Crud model.php` file.

Name of the Vulnerable Software and Affected Versions Campcodes Complete POS Management and Inventory System versions up to 4.0.6 Description A vulnerability exists in Campcodes Complete POS Management and Inventory System up to version 4.0.6. The issue affects an unknown function within the `app/Http/Controllers/SettingsController.php` file of the Environment Variable Handler component, potentially leading to injection. The attack can be launched remotely, and the exploit has been publicly disclosed. Recommendations Update to a version later than 4.0.6.

Name of the Vulnerable Software and Affected Versions SourceCodester/jkev Record Management System version 1.0 Description A SQL injection issue exists in the Login component's `index.php` file due to the manipulation of the `Username` argument. This allows for remote attacks. The exploit is publicly available. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `Username` input to prevent SQL injection.

Name of the Vulnerable Software and Affected Versions SourceCodester/jkev Record Management System version 1.0 Description A flaw exists in the file `save emp.php` of the Add Employee Page component, allowing for unrestricted file uploads. Remote exploitation is possible. The exploit has been published. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `save emp.php` file.