Ddea

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Computer and Laptop Store version 1.0 **Description** A critical issue has been found in the function `save brand` of the file `/classes/Master.php?f=save brand`. The manipulation of the argument `name` leads to sql injection. The attack may be initiated remotely. **Recommendations** For version 1.0, consider disabling the `save brand` function until a patch is available to prevent sql injection attacks. Restrict access to the `/classes/Master.php?f=save brand` endpoint to minimize the risk of exploitation. Avoid using the `name` argument in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Computer and Laptop Store version 1.0 **Description** A critical issue was found in the function `delete order` of the file `/classes/master.php?f=delete order`. The manipulation of the argument `id` leads to sql injection. It is possible to launch the attack remotely. The issue has been disclosed to the public and may be used. **Recommendations** For SourceCodester Online Computer and Laptop Store version 1.0, consider disabling the `delete order` function until a patch is available. Restrict access to the `/classes/master.php?f=delete order` endpoint to minimize the risk of exploitation. Avoid using the `id` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Tours & Travels Management System version 1.0 **Description** A critical issue was found in the system, affecting the file useroperationspayment operation.php. The manipulation of the `booking id` argument leads to SQL injection. It is possible to initiate the attack remotely. The issue has been publicly disclosed and may be exploited. **Recommendations** For SourceCodester Online Tours & Travels Management System version 1.0, consider restricting access to the payment operation.php file until a patch is available. As a temporary workaround, avoid using the `booking id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Tours & Travels Management System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown part of the file admin/abc.php. The manipulation of the `id` argument leads to SQL injection. It is possible to initiate the attack remotely. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For SourceCodester Online Tours & Travels Management System version 1.0, consider disabling the `id` argument in the affected file admin/abc.php until a patch is available. Restrict access to the admin/abc.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Tours & Travels Management System version 1.0 **Description** A critical vulnerability has been found in the SourceCodester Online Tours & Travels Management System. The issue is related to an unknown function of the file admin/booking report.php, where the manipulation of the `to date` argument leads to SQL injection. This allows for remote attacks. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the `to date` argument in the affected file admin/booking report.php until a patch is available. Restrict access to the admin/booking report.php file to minimize the risk of exploitation. Avoid using the `to date` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Tours & Travels Management System version 1.0 **Description** A critical issue has been found in the system, affecting the file admin/add payment.php. The manipulation of the `id` argument leads to sql injection. This issue can be initiated remotely. **Recommendations** For SourceCodester Online Tours & Travels Management System version 1.0, consider restricting access to the admin/add payment.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Tours & Travels Management System version 1.0 **Description** A critical issue affects the processing of the file admin/approve user.php, where the manipulation of the `id` argument leads to sql injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Online Tours & Travels Management System version 1.0, consider disabling the `id` argument in the admin/approve user.php file as a temporary workaround until a patch is available. Restrict access to the admin/approve user.php file to minimize the risk of exploitation.