Fuyang

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hotel and Lodge Management System version 1.0 **Description** A security issue exists in SourceCodester Hotel and Lodge Management System 1.0. The manipulation of the `floorno` argument in an unknown function of the file '/pages/save room.php' can lead to SQL injection. Remote exploitation is possible. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hotel and Lodge Management System version 1.0 **Description** A flaw exists in SourceCodester Hotel and Lodge Management System 1.0, specifically within the file `/del room.php`. Manipulation of the `ID` argument can lead to SQL injection. This issue is exploitable remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hotel and Lodge Management System version 1.0 **Description** A flaw exists in SourceCodester Hotel and Lodge Management System 1.0 related to the file `/del tax.php`. Manipulation of the `ID` parameter can lead to SQL injection. This issue can be exploited remotely. The exploit is publicly available. **Recommendations** Apply any available updates or patches for SourceCodester Hotel and Lodge Management System version 1.0. As a temporary workaround, restrict access to the `/del tax.php` file. Sanitize the `ID` parameter before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam Form Submission version 1.0 **Description** A SQL injection issue exists in SourceCodester Online Exam Form Submission 1.0. Manipulation of the `ID` argument in the `/admin/delete user.php` API endpoint can lead to SQL injection. The exploit is publicly available and may be used for remote attacks. **Recommendations** As a temporary workaround, restrict access to the `/admin/delete user.php` API endpoint. Sanitize the `ID` parameter before using it in SQL queries.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Forum Discussion System version 1.0 Description: A SQL injection issue exists in the file `/admin class.php?action=login`. Manipulation of the `Username` parameter can lead to exploitation. The attack can be initiated remotely. Recommendations: As a temporary workaround, consider restricting access to the `/admin class.php?action=login` endpoint until the issue is resolved. Avoid using the `Username` parameter in the affected API endpoint `/admin class.php?action=login` until the issue is resolved.