Faith

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 7.0.20 **Description** A difficult to exploit vulnerability in Oracle VM VirtualBox allows a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. **Recommendations** For versions prior to 7.0.20, update to version 7.0.20 or later to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Canteen Management System version 1.0 **Description** A critical issue was found in the SourceCodester Canteen Management System, affecting some unknown functionality of the file changeUsername.php. The manipulation of the `username` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For SourceCodester Canteen Management System version 1.0, consider disabling the changeUsername.php file or restricting access to it until a patch is available. Avoid using the `username` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Canteen Management System version 1.0 **Description** A critical issue was found in the function query of the file createCategories.php, where the manipulation of the `categoriesStatus` argument leads to sql injection. The attack can be initiated remotely. **Recommendations** For version 1.0, consider disabling the query function in createCategories.php or restricting access to it until a patch is available. Additionally, avoid using the `categoriesStatus` argument in the affected function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Canteen Management System version 1.0 **Description** A critical issue has been found in the SourceCodester Canteen Management System. This issue affects the function query of the file createuser.php. The manipulation of the argument `uemail` leads to sql injection. The attack may be initiated remotely. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the `createuser.php` file until a patch is available. Avoid using the `uemail` argument in the affected function query until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-Based Student Clearance System (affected versions not specified) **Description** A problematic issue has been found in the SourceCodester Web-Based Student Clearance System, affecting the `prepare` function of the file `/Admin/add-student.php`. This issue leads to cross-site scripting and can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-Based Student Clearance System (affected versions not specified) **Description** A critical issue has been found, affecting an unknown function of the file /Admin/login.php, specifically the POST Parameter Handler component. The manipulation of the `txtusername` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.