Chipower

**Name of the Vulnerable Software and Affected Versions:** Modern Bag version 1.0 **Description:** A critical vulnerability exists in Modern Bag version 1.0, affecting an unknown part of the file `/admin/slide.php`. The `idSlide` argument can be manipulated to cause a SQL injection. This issue is remotely exploitable, and the exploit has been publicly disclosed. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** Modern Bag version 1.0 **Description:** A critical issue exists in Modern Bag 1.0, allowing for SQL injection through manipulation of the `namepro` argument in the `/admin/productadd back.php` file. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations:** Modern Bag version 1.0: Sanitize or validate the `namepro` argument in the `/admin/productadd back.php` file to prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions:** Modern Bag version 1.0 **Description:** A critical vulnerability exists due to a SQL injection flaw in the `/admin/product-update.php` file. The `idProduct` argument is susceptible to manipulation, potentially allowing for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations:** As a temporary workaround, restrict access to the `/admin/product-update.php` file. Sanitize the `idProduct` argument to prevent SQL injection attacks.