Fengyilin

**Name of the Vulnerable Software and Affected Versions** code-projects Online Bidding System version 1.0 **Description** A security issue exists in code-projects Online Bidding System 1.0. Manipulation of the `ID` argument in the file '/administrator/weweee.php' can lead to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the file `/administrator/weweee.php` until a fix is available. Avoid using the argument `ID` in the file `/administrator/weweee.php` until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Bidding System version 1.0 **Description** A flaw exists in code-projects Online Bidding System that allows for SQL injection. The issue is located in the file `/administrator/wew.php` and involves manipulation of the `ID` argument within an unknown function. This can be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Projectworlds Online Examination System version 1.0 **Description** The issue is related to SQL Injection via the `subject` parameter in `feed.php`. This allows for potential exploitation. **Recommendations** For Projectworlds Online Examination System version 1.0, consider disabling access to the `feed.php` file or restricting the use of the `subject` parameter until a patch is available. Avoid using the `subject` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Itsourcecode Learning Management System Project In PHP With Source Code version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `LessonID` parameter in the processscore.php file. **Recommendations** For Itsourcecode Learning Management System Project In PHP With Source Code version 1.0, consider restricting access to the processscore.php file until a patch is available, and avoid using the `LessonID` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Itsourcecode Payroll Management System version 1.0 **Description** The issue is related to SQL Injection in the payroll items.php file via the `ID` parameter. This allows for potential exploitation. **Recommendations** For Itsourcecode Payroll Management System version 1.0, consider restricting access to the payroll items.php file or the `ID` parameter to minimize the risk of exploitation until a fix is available.