Foreverfeifei

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Eyewear Shop version 1.0 **Description** A critical issue has been found in the software, affecting the processing of the file /classes/Users.php?f=delete customer. The manipulation of the `ID` argument leads to sql injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Online Eyewear Shop version 1.0, consider restricting access to the /classes/Users.php file, specifically the `delete customer` function, to minimize the risk of exploitation. Avoid using the `ID` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Eyewear Shop version 1.0 **Description** A vulnerability was found in SourceCodester Online Eyewear Shop. It affects an unknown function of the file /classes/Master.php?f=save product. The manipulation of the `brand` argument leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. **Recommendations** As a temporary workaround, consider disabling the function related to the /classes/Master.php?f=save product file until a patch is available. Restrict access to the `brand` parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Eyewear Shop version 1.0 **Description** A vulnerability has been found in the Registration Handler component, specifically in the file /oews/classes/Master.php?f=save product, where the manipulation of the `email` argument leads to improper access controls. This issue can be exploited remotely. **Recommendations** For SourceCodester Online Eyewear Shop version 1.0, as a temporary workaround, consider restricting access to the Registration Handler component, specifically the file /oews/classes/Master.php?f=save product, to minimize the risk of exploitation. Avoid using the `email` argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.