Cm7Ai

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pharmacy Sales and Inventory System version 1.0 **Description** A SQL injection flaw exists in the '/ajax.php?action=save product' endpoint. This issue allows a remote attacker to manipulate the `ID` argument to execute arbitrary SQL commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions itsourcecode Construction Management System version 1.0 Description A weakness exists in itsourcecode Construction Management System 1.0 due to SQL injection in the `/borrowed tool report.php` file. The `Home` argument is susceptible to manipulation, allowing for remote attacks. The exploit is publicly available. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.