Gab3

**Name of the Vulnerable Software and Affected Versions** Parsec Automation TrakSYS versions 11.x.x **Description** A problematic vulnerability has been found in the Export Page component of the affected software, specifically in the file TS/export/contentpage. The issue involves the manipulation of the `ID` argument, leading to a direct request. This can be exploited remotely. The vendor was contacted about the disclosure but did not respond. **Recommendations** For versions 11.x.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Parsec Automation TrackSYS versions 11.x.x Description: A vulnerability was found in the processing of the file /TS/export/pagedefinition, where the manipulation of the `ID` argument leads to a direct request. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond. Recommendations: For Parsec Automation TrackSYS versions 11.x.x, as a temporary workaround, consider restricting access to the /TS/export/pagedefinition file until a patch is available. Avoid manipulating the `ID` argument in this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sparksuite SimpleMDE versions up to 1.11.2 **Description** A problematic vulnerability was found in Sparksuite SimpleMDE, affecting an unknown part of the component iFrame Handler. The manipulation leads to cross-site scripting and can be initiated remotely. **Recommendations** For versions up to 1.11.2, update to a version later than 1.11.2 to resolve the issue. As a temporary workaround, consider restricting access to the iFrame Handler component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Intelbras RX 1500 version 1.1.9 **Description** A vulnerability has been found in the SSID Handler component, specifically in the /WiFi.html file, which leads to cross-site scripting. The attack can be launched remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Intelbras RX 1500 version 1.1.9, as a temporary workaround, consider restricting access to the /WiFi.html file until a patch is available. Avoid using the SSID Handler component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Design Daily Journal version 1.012.GP.B **Description** A vulnerability has been found in the SQLite Database component, leading to cleartext storage in a file or on disk. The manipulation can be launched on the local host. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.012.GP.B, consider restricting access to the SQLite Database component to minimize the risk of exploitation. As a temporary workaround, avoid using the SQLite Database functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Task Reminder System version 1.0 **Description** A critical issue has been found in the system, affecting the file /admin/?page=reminders/view reminder. The manipulation of the `id` argument leads to SQL injection, allowing for remote attacks. **Recommendations** For SourceCodester Task Reminder System version 1.0, consider restricting access to the /admin/?page=reminders/view reminder endpoint until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Task Reminder System version 1.0 **Description** A critical issue has been found in the processing of the Master.php file, where the manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Task Reminder System version 1.0, consider restricting access to the Master.php file to minimize the risk of exploitation. Avoid using the `id` argument in the affected processing until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Employee Payslip Generator with Sending Mail version 1.2.0 **Description** A critical issue affects the processing of the file classes/Users.php?f=save in the New User Creation component. The manipulation of the `username` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For version 1.2.0, consider disabling the `username` argument in the affected file classes/Users.php?f=save until a patch is available. Restrict access to the New User Creation component to minimize the risk of exploitation. Avoid using the `username` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** codeprojects Pharmacy Management System version 1.0 **Description** A critical issue has been found in the Avatar Image Handler component of the file add.php, leading to unrestricted upload. The attack can be initiated remotely. The issue affects unknown code and has been publicly disclosed. **Recommendations** For version 1.0, consider disabling the Avatar Image Handler component until a patch is available to prevent unrestricted upload. Restrict access to the add.php file to minimize the risk of exploitation. Avoid using the vulnerable component to handle avatar images until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best Online News Portal version 1.0 **Description** A vulnerability was found in the file check availability.php, where the manipulation of the `username` argument leads to exposure of sensitive information through data queries. The attack can be launched remotely and has a rather high complexity, making exploitation difficult. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider restricting access to the check availability.php file until a patch is available. As a temporary workaround, avoid using the `username` argument in the affected functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best Online News Portal version 1.0 **Description** A critical issue has been found in the Login Page component, where the manipulation of the `username` argument leads to SQL injection. This can be exploited remotely. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the Login Page or validating and sanitizing the `username` argument to prevent SQL injection until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Medical Certificate Generator App version 1.0 **Description** The issue is related to a lack of protection against SQL query structure exploitation in the action.php script of the Medical Certificate Generator App. This allows a remote attacker to execute arbitrary SQL code by manipulating the `lastname` argument, leading to a SQL injection attack. **Recommendations** For SourceCodester Medical Certificate Generator App version 1.0, consider disabling the `action.php` script or restricting access to it until a patch is available to prevent SQL injection attacks. Additionally, avoid using the `lastname` argument in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Calendar Event Management System version 2.3.0 **Description** A critical issue was found in the system, affecting an unknown part. The manipulation of the `start` and `end` arguments leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Calendar Event Management System version 2.3.0, consider restricting access to the SQL database to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the `start` and `end` arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Calendar Event Management System version 2.3.0 **Description** A critical issue affects the Login Page component of the system, where the manipulation of the `name` and `pwd` arguments leads to SQL injection. The attack can be initiated remotely. **Recommendations** For Calendar Event Management System version 2.3.0, consider restricting access to the Login Page until a fix is available. As a temporary workaround, avoid using the `name` and `pwd` arguments in the login process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.