Drewbyte

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Petshop Management System version 1.0 **Description** A cross-site scripting issue exists in the Available Products Page component of the software, specifically within the `addcnp.php` file. Manipulation of the `name/description` argument can lead to the execution of malicious scripts. The exploit is publicly available. **Recommendations** As a mitigation, sanitize the `name/description` input to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Petshop Management System version 1.0 **Description** A security flaw exists in itsourcecode Online Petshop Management System version 1.0. The issue is a cross-site scripting (XSS) vulnerability within the Admin Dashboard component, specifically in the `availableframe.php` file. Manipulation of the `name/address` argument allows for remote exploitation. The exploit has been publicly released. **Recommendations** As a temporary workaround, consider restricting access to the `availableframe.php` file until a fix is available. Avoid using the `name/address` argument in the Admin Dashboard component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Public Access Catalog OPAC version 1.0 **Description** A security issue has been identified in itsourcecode Online Public Access Catalog OPAC. The vulnerability resides in an unknown function within the `mysearch.php` file, specifically within the POST Parameter Handler component. Manipulation of the `search field/search text` argument can lead to SQL injection. The attack can be performed remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Web-Based Internet Laboratory Management System version 1.0 **Description** A security flaw exists in itsourcecode Web-Based Internet Laboratory Management System. Manipulation of the `user email` argument in the `User::AuthenticateUser` function within the `login.php` file can lead to SQL injection. Remote exploitation is possible. The exploit has been released publicly. **Recommendations** Address the SQL injection issue in the `User::AuthenticateUser` function of the `login.php` file by sanitizing the `user email` argument.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Clinic Management System version 1.0 **Description** A security issue exists in itsourcecode Online Clinic Management System 1.0 related to the `transact.php` file. Manipulation of the `firstname` parameter can lead to SQL injection, potentially allowing for remote attacks. The exploit for this issue has been publicly disclosed. Other parameters may also be affected. **Recommendations** As a temporary workaround, consider restricting access to the `transact.php` file until a fix is available. Avoid using the `firstname` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Clinic Management System version 1.0 **Description** A flaw has been found in the itsourcecode Online Clinic Management System. The vulnerability affects unknown code within the `/editp2.php` file. Manipulation of the `id`, `firstname`, `lastname`, `type`, `age`, and `address` arguments can lead to SQL injection. The attack can be executed remotely. **Recommendations** As a temporary workaround, consider restricting access to the `/editp2.php` file until a patch is available. Sanitize the `id`, `firstname`, `lastname`, `type`, `age`, and `address` parameters before using them in database queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Link Status Checker version 1.0 **Description** A security issue exists in SourceCodester Link Status Checker 1.0, affecting unknown code within the `index.php` file. Manipulation of the `proxy` argument can lead to server-side request forgery, allowing remote exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SiempreCMS versions up to 1.3.6 Description: A SQL injection issue exists in the `user search ajax.php` file of SiempreCMS. Manipulation of the `name/userName` argument can trigger the issue. The attack can be initiated remotely, and the exploit has been publicly disclosed. Recommendations: Update to a version later than 1.3.6. As a temporary workaround, restrict access to the `user search ajax.php` file.

Name of the Vulnerable Software and Affected Versions: SiempreCMS versions prior to 1.3.7 Description: A vulnerability was identified in SiempreCMS that allows for unrestricted file upload through manipulation of unknown code within the `/docs/admin/file upload.php` file. The attack can be launched remotely. The exploit is publicly available. Recommendations: Update to a version prior to 1.3.7. As a temporary workaround, restrict access to the `/docs/admin/file upload.php` file.

Name of the Vulnerable Software and Affected Versions: SourceCodester Time Tracker version 1.0 Description: A cross-site scripting (XSS) vulnerability exists due to manipulation of the `project-name` argument. The vulnerability affects an unknown function within the `/index.html` file. The exploit is publicly available and may be used for remote attacks. Recommendations: As a temporary workaround, consider restricting or disabling the use of the `project-name` argument until a fix is available.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pet Management System version 1.0 **Description** A flaw has been found that allows for unrestricted file upload. This occurs through manipulation of the `website image` argument in an unknown function of the `/admin/profile.php` file. Remote exploitation is possible. **Recommendations** As a temporary workaround, restrict access to the `/admin/profile.php` file to minimize the risk of exploitation.