Cyberthoth

Name of the Vulnerable Software and Affected Versions decolua 9router versions up to 0.3.47 Description A security issue exists in decolua 9router that allows an attacker to bypass authorization. The vulnerability is located in an unknown function within the /api of the Administrative API Endpoint component. This can be exploited remotely. The exploit has been publicly disclosed. Recommendations Upgrade to version 0.3.75 to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple e-Learning System version 1.0 **Description** A problematic issue was found in the system, affecting an unknown functionality of the file /vcs/claire blake. The manipulation of the `Bio` argument with the input "><script>alert(document.cookie)</script> leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Simple e-Learning System version 1.0, as a temporary workaround, consider restricting the input for the `Bio` argument to prevent cross-site scripting attacks until a patch is available. Avoid using the `Bio` argument in the affected file /vcs/claire blake until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Sales Management System version 1.0 **Description** A problematic issue was found in the system, affecting an unknown functionality of the file /ci ssms/index.php/orders/create. The manipulation of the `customer name` argument with the input `<script>alert("XSS")</script>` leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For version 1.0, consider restricting the input for the `customer name` argument in the /ci ssms/index.php/orders/create file to prevent cross-site scripting attacks. As a temporary workaround, consider validating and sanitizing all user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Clinics Patient Management System version 2.0 **Description** A critical issue was found in the system, affecting an unknown function of the file /pms/update user.php?user id=1. The manipulation of the `profile picture` argument with malicious input, such as <?php phpinfo();?>, leads to unrestricted upload. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** For SourceCodester Clinics Patient Management System version 2.0, consider restricting access to the /pms/update user.php file until a patch is available. As a temporary workaround, avoid using the `profile picture` argument in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Clinics Patient Management System version 2.0 **Description** A critical issue has been found in the Login Page component, specifically in the file /pms/index.php. The manipulation of the `user name` argument with the input `admin' or '1'='1` leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** For version 2.0, as a temporary workaround, consider restricting access to the `/pms/index.php` file or disabling the Login Page functionality until a patch is available. Avoid using the `user name` argument in the affected login functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Parking Management System version 1.0 **Description** A problematic issue has been found in the system, affecting some unknown functionality of the file /ci spms/admin/search/searching/. The manipulation of the `search` argument with the input "><script>alert("XSS")</script> leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the search functionality in the /ci spms/admin/search/searching/ file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the `search` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Parking Management System version 1.0 **Description** A problematic issue was found in the system, affecting an unknown part of the file /ci spms/admin/category. The manipulation of the `vehicle type` argument with the input "><script>alert("XSS")</script> leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Simple Parking Management System version 1.0, consider validating and sanitizing user input for the `vehicle type` argument to prevent cross-site scripting attacks. As a temporary workaround, restrict access to the /ci spms/admin/category file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hotel Management System version 2.0 **Description** A problem was found in the Search component, affecting the /ci hms/search file. The issue is related to the manipulation of the `search` argument with a specific input, leading to cross-site scripting. This can be initiated remotely. **Recommendations** For version 2.0, consider restricting access to the /ci hms/search endpoint until a fix is available. As a temporary workaround, avoid using the `search` argument in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hotel Management System version 2.0 **Description** A problematic vulnerability has been found in the Room Edit Page component, specifically in the file /ci hms/massage room/edit/1. The issue arises from the manipulation of the `massageroomDetails` argument with malicious input, such as "><script>alert("XSS")</script>, leading to cross-site scripting. This attack can be launched remotely. The exploit has been publicly disclosed and may be used. **Recommendations** For SourceCodester Hotel Management System version 2.0, as a temporary workaround, consider restricting access to the Room Edit Page or disabling the editing functionality until a patch is available. Avoid using the `massageroomDetails` argument in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Library Management System version 1.0 **Description** A critical issue has been discovered, affecting an unknown functionality of the file /librarian/bookdetails.php. The issue can be exploited through SQL injection by manipulating the `id` argument with a specially crafted input, such as ' AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)-- PbtB. This allows for remote attacks. The exploit details have been publicly disclosed. **Recommendations** For SourceCodester Library Management System version 1.0, consider restricting access to the /librarian/bookdetails.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Library Management System version 1.0 **Description** A vulnerability was found in the system, affecting an unknown functionality of the file "/admin/edit admin details.php?id=admin". The manipulation of the `Name` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For SourceCodester Library Management System version 1.0, consider restricting access to the "/admin/edit admin details.php?id=admin" endpoint until a patch is available. As a temporary workaround, avoid using the `Name` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Library Management System version 1.0 **Description** A critical issue was found in the system, affecting an unknown function of the /card/index.php component. The manipulation of the `image` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For SourceCodester Library Management System version 1.0, restrict access to the /card/index.php endpoint to minimize the risk of exploitation. Avoid using the `image` argument in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fast Food Ordering System version 1.0 **Description** A problematic issue has been discovered, affecting the Master.php file of the Master List. The manipulation of the `Description` argument with the input `foo "><img src="" onerror="alert(document.cookie)">` leads to cross-site scripting. This issue can be exploited remotely, but authentication is required. Exploit details are publicly available. **Recommendations** For Fast Food Ordering System version 1.0, consider disabling the `Description` argument in the Master.php file until a patch is available to prevent cross-site scripting attacks. Restrict access to the Master List to minimize the risk of exploitation. Avoid using the `Description` argument in the affected file until the issue is resolved.