
Edenchen

#26482 of 53,624
9.8 Total CVSS
Vulnerabilities · 1
PT-2025-39729
9.8
2025-09-27
Unknown · Code-Projects Online Bidding System · CVE-2025-11066
**Name of the Vulnerable Software and Affected Versions**

code-projects Online Bidding System version 1.0

**Description**

A flaw exists in code-projects Online Bidding System version 1.0 that allows for SQL injection. Manipulation of the `ID` argument in the file `/administrator/bidlist.php` can trigger this issue. The attack can be launched remotely. The exploit has been published.

**Recommendations**

Apply any available updates to address the SQL injection issue in the `/administrator/bidlist.php` file. As a temporary workaround, restrict access to the `/administrator/bidlist.php` file. Sanitize the `ID` parameter before using it in SQL queries.