Choco094Late

**Name of the Vulnerable Software and Affected Versions** Code-Projects Student Web Portal version 1.0 **Description** A SQL injection issue exists in Code-Projects Student Web Portal 1.0. The issue is located in the `profile.php` file, specifically through manipulation of the `User` argument. This allows for remote exploitation. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Student Web Portal version 1.0 **Description** A flaw exists in the Student Web Portal that allows for remote sql injection. The issue is located in the `valreg passwdation` function of the `signup.php` file. The `reg passwd` argument can be manipulated to exploit this flaw. The exploit is publicly available. **Recommendations** Apply a fix to address the sql injection issue in the `valreg passwdation` function of the `signup.php` file.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Responsive Tourism Website version 1.0 **Description** A SQL injection issue exists in the Login component of the software, specifically within the `/tourism/classes/Login.php?f=login` file. The `Username` argument is susceptible to manipulation, potentially allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** Apply any available updates or patches to address the SQL injection issue in the `/tourism/classes/Login.php?f=login` file. As a temporary workaround, consider sanitizing the `Username` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** huggingface smolagents version 1.24.0 **Description** A weakness exists in the `LocalPythonExecutor` component of the software. The functions `requests.get` and `requests.post` are affected, potentially leading to server-side request forgery. This issue can be exploited remotely. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Responsive Tourism Website version 1.0 **Description** A flaw exists in SourceCodester Simple Responsive Tourism Website that allows for cross site scripting. This issue is triggered through manipulation of the `Title` argument in the file `/tourism/classes/Master.php?f=save package`. The attack can be launched remotely. The exploit details have been publicly released. **Recommendations** Apply any available updates to address the issue in the affected file `/tourism/classes/Master.php?f=save package`. As a temporary workaround, consider sanitizing the `Title` input to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Responsive Tourism Website version 1.0 **Description** A flaw exists in SourceCodester Simple Responsive Tourism Website version 1.0, specifically within an unknown function of the file `/tourism/classes/Master.php?f=register` related to the Registration component. Manipulation of the `firstname`, `lastname`, and `username` arguments can lead to cross site scripting. The attack can be launched remotely. An exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Advanced Library Management System version 1.0 **Description** A SQL injection issue exists in projectworlds Advanced Library Management System version 1.0. The issue is located in the `/borrowed book search.php` file, within an unknown function. Manipulation of the `datefrom` and `dateto` arguments can lead to SQL injection. The attack can be initiated remotely, and details of the exploit have been publicly disclosed. **Recommendations** Apply a fix for projectworlds Advanced Library Management System version 1.0 to address the SQL injection issue in the `/borrowed book search.php` file. As a temporary workaround, restrict access to the `/borrowed book search.php` file to minimize the risk of exploitation.