Christychen11

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pharmacy Sales and Inventory System version 1.0 **Description** A remote SQL injection exists due to a flaw in an unknown function within the '/ajax.php?action=delete category' endpoint. This issue allows for the manipulation of the `ID` argument to execute unauthorized database queries. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pharmacy Sales and Inventory System version 1.0 **Description** An issue exists where improper processing of the '/ajax.php?action=save type' endpoint allows for remote SQL injection. This occurs through the manipulation of the `ID` argument. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to or modification of the database. **Recommendations** Update SourceCodester Pharmacy Sales and Inventory System to a version newer than 1.0. As a temporary workaround, restrict access to the '/ajax.php?action=save type' endpoint or avoid using the `ID` parameter until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pharmacy Sales and Inventory System version 1.0 **Description** A cross-site scripting issue exists in the '/index.php?page=categories' endpoint. A remote attacker can execute this by manipulating the `ID` argument. Cross-site scripting is a flaw that allows an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** As a temporary workaround, avoid using the `ID` parameter in the '/index.php?page=categories' endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Simple IT Discussion Forum version 1.0 Description A SQL injection issue exists in Simple IT Discussion Forum version 1.0. The vulnerability is located in the `/question-function.php` file, within an unknown function. Manipulation of the `content` parameter can lead to SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed. Recommendations Update to a newer version of Simple IT Discussion Forum that addresses this SQL injection issue. As a temporary workaround, restrict or carefully sanitize the `content` parameter in the `/question-function.php` file.

Name of the Vulnerable Software and Affected Versions Simple IT Discussion Forum version 1.0 Description A SQL injection issue exists due to the manipulation of the `postid` argument in an unknown function within the /functions/addcomment.php file. The attack can be launched remotely. The exploit has been made public. Recommendations Address the SQL injection issue by sanitizing or validating the `postid` argument in the /functions/addcomment.php file. As a temporary workaround, consider restricting access to the /functions/addcomment.php file until a proper fix is implemented.

Name of the Vulnerable Software and Affected Versions Simple IT Discussion Forum version 1.0 Description A SQL injection issue exists in Simple IT Discussion Forum 1.0 due to manipulation of the `post id` argument within an unknown function of the `/pages/content.php` file. This allows for remote exploitation and the exploit has been publicly disclosed. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/pages/content.php` file.

Name of the Vulnerable Software and Affected Versions code-projects Online Shoe Store version 1.0 Description A flaw has been found in code-projects Online Shoe Store 1.0. The vulnerability affects an unknown functionality of the file '/admin/admin football.php'. A manipulation of the `product name` argument can lead to cross site scripting. It is possible to launch the attack remotely. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Online Shoe Store version 1.0 Description A cross site scripting issue exists due to the manipulation of the `product name` argument in the file '/admin/admin product.php'. The attack can be initiated remotely and the exploit has been publicly disclosed. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions code-projects Online Shoe Store version 1.0 Description A cross-site scripting issue exists due to manipulation of the `product name` argument in an unknown function within the `/admin/admin running.php` file. This allows for remote attacks. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `product name` input to prevent script injection.

Name of the Vulnerable Software and Affected Versions Simple Laundry System version 1.0 Description A cross-site scripting issue exists in the /delmemberinfo.php file of Simple Laundry System version 1.0. Manipulation of the `userid` argument can trigger this issue, allowing for remote attacks. The exploit is publicly available. Recommendations Update to a newer version of Simple Laundry System that addresses this issue.

Name of the Vulnerable Software and Affected Versions Simple IT Discussion Forum version 1.0 Description A flaw exists in the processing of the `/edit-category.php` file within Simple IT Discussion Forum 1.0. Manipulation of the `Category` argument can lead to cross site scripting. The attack can be launched remotely and an exploit has been published. Recommendations For Simple IT Discussion Forum version 1.0, carefully sanitize the `Category` argument in the `/edit-category.php` file to prevent cross site scripting.

Name of the Vulnerable Software and Affected Versions Simple Laundry System version 1.0 Description A security issue exists in code-projects Simple Laundry System 1.0. Manipulation of the `userid` argument in the /userchecklogin.php file can lead to SQL injection. This attack can be launched remotely. The exploit has been publicly disclosed. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /userchecklogin.php file.