Fany

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pre-School Management System version 1.0 **Description** A security flaw exists in SourceCodester Pre-School Management System 1.0 that can lead to a denial of service. The issue is located in the `removefile` function within the `app/controllers/FilehelperController.php` file. Manipulation of the `filepath` argument can trigger this condition. The attack can be carried out remotely, and an exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Magazine Management System version 1.0 **Description** A flaw exists in SourceCodester Online Magazine Management System 1.0 where manipulation of the `c` argument in the `/categories.php` file can lead to SQL injection. This issue is remotely exploitable. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Magazine Management System version 1.0 **Description** A security flaw exists in SourceCodester Online Magazine Management System 1.0. The issue is located in the file `/view magazine.php`. Manipulation of the `ID` argument can lead to SQL injection. This attack can be performed remotely. The exploit has been publicly released. **Recommendations** Apply a fix to address the SQL injection issue in the `/view magazine.php` file.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Dental Clinic Appointment Reservation System version 1.0 **Description** A flaw exists in SourceCodester Dental Clinic Appointment Reservation System that allows for remote SQL injection. Manipulation of the `username`/`password` arguments in the `/success.php` file can trigger this issue. The exploit is publicly available. **Recommendations** Apply input validation and sanitization to the `username` and `password` parameters used in the `/success.php` file.

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical issue has been found in the software, affecting an unknown functionality of the file /php-ocls/classes/Master.php?f=pay order. The manipulation of the `id` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. An attacker can manipulate the `id` in Master.php for unauthorized access. Recommendations: For SourceCodester Online Computer and Laptop Store version 1.0, patch immediately and validate user input to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the vulnerable functionality of the file /php-ocls/classes/Master.php?f=pay order until a patch is available. Avoid using the `id` argument in the affected file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: SourceCodester E-Commerce System version 1.0 Description: A critical issue has been found in the SourceCodester E-Commerce System, affecting an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the `photo` argument leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester E-Commerce System version 1.0, as a temporary workaround, consider disabling the upload functionality related to the `photo` argument until a patch is available. Restrict access to the /ecommerce/admin/products/controller.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A vulnerability was found in the Setting Handler component, affecting an unknown part of the file /php-ocls/classes/SystemSettings.php?f=update settings. The manipulation of the `System Name` argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For version 1.0, consider disabling the `System Name` argument in the Setting Handler component until a patch is available. Restrict access to the /php-ocls/classes/SystemSettings.php?f=update settings file to minimize the risk of exploitation. Avoid using the `System Name` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester E-Commerce System version 1.0 Description: A critical vulnerability has been found in the SourceCodester E-Commerce System, affecting unknown code of the file /ecommerce/admin/login.php of the component Admin Login. The manipulation of the `user email` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider restricting access to the `/ecommerce/admin/login.php` endpoint until a patch is available. Avoid using the `user email` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester E-Commerce System version 1.0 Description: A critical issue affects the processing of the file /ecommerce/popup Item.php, where the manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester E-Commerce System version 1.0, consider disabling the /ecommerce/popup Item.php file or restricting access to it until a patch is available. Avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.