Fernando Mengali

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pizzafy Ecommerce System version 1.0 **Description** A weakness in the `delete menu()` function within the '/admin/ajax.php?action=delete menu' endpoint allows for remote SQL injection. This occurs through the manipulation of the `ID` argument. SQL injection is a type of attack where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to or manipulation of the database. **Recommendations** As a temporary workaround, restrict access to the '/admin/ajax.php?action=delete menu' endpoint or avoid using the `ID` parameter in that endpoint until a fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pizzafy Ecommerce System version 1.0 **Description** A SQL injection flaw exists in the admin panel. The issue occurs within the `get cart items()` function located in the '/admin/ajax.php?action=get cart items' endpoint. A remote attacker can exploit this by manipulating the `ID` argument, allowing for the execution of arbitrary SQL commands. **Recommendations** Restrict access to the '/admin/ajax.php?action=get cart items' endpoint or temporarily disable the `get cart items()` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function save category of the file /admin/ajax.php?action=save category. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pizzafy Ecommerce System version 1.0 **Description** A remote SQL injection can occur due to the manipulation of the `ID` argument. The issue is located in the `get cart count()` function within the '/admin/ajax.php?action=get cart count' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the '/admin/ajax.php?action=get cart count' endpoint or the `get cart count()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pizzafy Ecommerce System version 1.0 **Description** A security flaw allows remote attackers to perform SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution. This issue occurs within the `delete cart()` function located in the '/admin/ajax.php?action=delete cart' endpoint through the manipulation of the `ID` variable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/admin/ajax.php?action=delete cart' endpoint or disable the `delete cart()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pizzafy Ecommerce System version 1.0 **Description** An issue exists where the manipulation of the `ID` argument in the 'Category' function of the 'pizza/index.php?page=category' endpoint allows for SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution. This allows for remote exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pizzafy Ecommerce System version 1.0 **Description** A remote SQL injection flaw exists in the `/view prod.php` file. The issue occurs due to improper handling of the `ID` argument, allowing an attacker to execute arbitrary SQL commands. **Recommendations** As a temporary workaround, restrict access to the `/view prod.php` file or avoid using the `ID` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pizzafy Ecommerce System version 1.0 **Description** A remote SQL injection exists in the `save order()` function within the '/admin/ajax.php?action=save order' endpoint. This issue occurs due to the improper manipulation of the `ID` argument, allowing an attacker to execute arbitrary SQL commands. **Recommendations** As a temporary workaround, restrict access to the '/admin/ajax.php?action=save order' endpoint or avoid using the `ID` argument until a fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pizzafy Ecommerce System version 1.0 **Description** An issue in the `login2()` function within the '/admin/ajax.php?action=login2' endpoint allows for SQL injection via the manipulation of the `e-mail` argument. This flaw enables remote exploitation. **Recommendations** Update SourceCodester Pizzafy Ecommerce System version 1.0 to a patched version. As a temporary workaround, restrict access to the '/admin/ajax.php?action=login2' endpoint or the `login2()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pizzafy Ecommerce System version 1.0 **Description** An issue exists that allows remote attackers to perform SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. The problem occurs within the `Login()` function of the '/admin/ajax.php?action=login' endpoint through the manipulation of the `e-mail` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pizzafy Ecommerce System version 1.0 **Description** An issue exists in the `delete category()` function within the '/admin/ajax.php?action=delete category' endpoint. Remote manipulation of the `ID` variable allows for SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution. **Recommendations** As a temporary workaround, restrict access to the '/admin/ajax.php?action=delete category' endpoint or avoid using the `ID` parameter in that endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** minaliC version 2.0.0 **Description** minaliC version 2.0.0 contains a denial of service issue. Remote attackers can disrupt service by sending oversized GET requests. Specifically, crafted HTTP requests with excessive data can overwhelm the server, leading to service interruption. The issue allows attackers to crash the web server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeFloat FTP Server version 1.0 **Description** A critical issue has been found in the REIN Command Handler component of FreeFloat FTP Server, leading to a buffer overflow. This can be exploited remotely. The issue affects some unknown functionality of the component. **Recommendations** For FreeFloat FTP Server version 1.0, as a temporary workaround, consider disabling the REIN Command Handler until a patch is available. Restrict access to the REIN Command Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeFloat FTP Server version 1.0 **Description** A critical issue affects the RESTART Command Handler component, leading to a buffer overflow. This can be exploited remotely. The issue has been publicly disclosed. **Recommendations** For FreeFloat FTP Server version 1.0, consider disabling the RESTART Command Handler until a patch is available to prevent potential buffer overflow exploitation.

**Name of the Vulnerable Software and Affected Versions** FreeFloat FTP Server version 1.0 **Description** A critical issue was found in the XCWD Command Handler component, which can lead to a buffer overflow. This issue can be exploited remotely. **Recommendations** For FreeFloat FTP Server version 1.0, as a temporary workaround, consider disabling the XCWD Command Handler until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeFloat FTP Server version 1.0 **Description** A critical issue has been found in the XMKD Command Handler component, which can be exploited remotely. The manipulation of this component leads to a buffer overflow. The issue has been publicly disclosed and may be used for attacks. **Recommendations** For FreeFloat FTP Server version 1.0, as a temporary workaround, consider disabling the XMKD Command Handler until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeFloat FTP Server version 1.0 **Description** A critical vulnerability was found in FreeFloat FTP Server, affecting an unknown part of the HOST Command Handler component. The manipulation leads to buffer overflow and can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the HOST Command Handler component until a patch is available. Restrict access to the FreeFloat FTP Server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeFloat FTP Server version 1.0 **Description** A critical vulnerability has been found in the SET Command Handler component of FreeFloat FTP Server, leading to a buffer overflow. The attack can be initiated remotely, and the exploit has been disclosed to the public. This issue affects unknown code within the component. **Recommendations** For FreeFloat FTP Server version 1.0, as a temporary workaround, consider disabling the SET Command Handler component until a patch is available. Restrict access to the component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeFloat FTP Server version 1.0 **Description** A critical issue affects the PROGRESS Command Handler component, leading to a buffer overflow. This can be exploited remotely. **Recommendations** For FreeFloat FTP Server version 1.0, consider disabling the PROGRESS Command Handler component until a patch is available. Restrict access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FreeFloat FTP Server version 1.0 **Description** A critical issue has been identified in the PASV Command Handler component of the software, leading to a buffer overflow when manipulated. This can be exploited remotely. The exploit has been publicly disclosed and may be utilized. **Recommendations** For FreeFloat FTP Server version 1.0, consider disabling the PASV Command Handler functionality as a temporary workaround until a patch is available. Restrict access to the affected component to minimize the risk of exploitation.