G_Gx

Name of the Vulnerable Software and Affected Versions: SourceCodester Music Gallery Site version 1.0 Description: A critical issue was found in the software, affecting some unknown functionality of the file /classes/Users.php?f=delete. The manipulation of the `id` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For version 1.0, consider disabling the `delete` functionality in the /classes/Users.php file until a patch is available. Restrict access to the /classes/Users.php?f=delete endpoint to minimize the risk of exploitation. Avoid using the `id` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Home Owners Collection Management System version 1.0 **Description** A critical issue affects the processing of the file /classes/Users.php?f=save, allowing unrestricted upload through the manipulation of the `img` argument. This can be initiated remotely. **Recommendations** For SourceCodester Home Owners Collection Management System version 1.0, as a temporary workaround, consider restricting access to the /classes/Users.php?f=save endpoint to minimize the risk of exploitation. Avoid using the `img` argument in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester School Intramurals Student Attendance Management System version 1.0 **Description** A critical issue has been identified, affecting the file /manage sy.php. The manipulation of the `id` argument leads to sql injection. This issue can be exploited remotely. **Recommendations** For SourceCodester School Intramurals Student Attendance Management System version 1.0, consider restricting access to the /manage sy.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BlueNet Technology Clinical Browsing System version 1.2.1 **Description** A critical issue has been found, affecting an unknown part of the file /xds/deleteStudy.php. The manipulation of the `documentUniqueId` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For BlueNet Technology Clinical Browsing System version 1.2.1, consider restricting access to the /xds/deleteStudy.php file until a fix is available. As a temporary workaround, avoid using the `documentUniqueId` argument in the affected file to minimize the risk of exploitation.