Gikaku

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Book Catalog App version 1.0 **Description** A vulnerability has been found in the Update Book Form component of the SourceCodester Simple Book Catalog App. The manipulation of the `book title` and `book author` arguments leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Simple Book Catalog App version 1.0, consider disabling the Update Book Form component until a patch is available. Restrict access to the `book title` and `book author` arguments in the Update Book Form to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Book Catalog App version 1.0 **Description** A critical vulnerability was found in the SourceCodester Simple Book Catalog App, affecting an unknown functionality of the file delete book.php. The manipulation of the `delete` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For SourceCodester Simple Book Catalog App version 1.0, consider disabling the delete functionality in the delete book.php file until a patch is available. Restrict access to the delete book.php file to minimize the risk of exploitation. Avoid using the `delete` argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Take-Note App version 1.0 **Description** A problematic vulnerability was found in the SourceCodester Take-Note App, affecting an unknown part of the file index.php. The manipulation of the `noteContent` argument with the input `<script>alert('xss')</script>` leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Take-Note App version 1.0, as a temporary workaround, consider disabling the manipulation of the `noteContent` argument until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. Avoid using the `noteContent` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Take-Note App version 1.0 **Description** A vulnerability has been found in the SourceCodester Take-Note App, classified as problematic. This issue affects unknown code and leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Take-Note App version 1.0, consider disabling any functionality that may be related to the cross-site request forgery vulnerability until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Contact Manager App version 1.0 **Description** A problem was found in the SourceCodester Contact Manager App. It affects some unknown functionality of the file update.php. The issue leads to cross-site request forgery. The attack can be launched remotely. **Recommendations** For version 1.0, consider disabling access to the update.php file as a temporary workaround until a patch is available. Restrict access to this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Contact Manager App version 1.0 **Description** A problematic vulnerability has been found in the SourceCodester Contact Manager App, affecting an unknown part of the file index.php of the component Contact Information Handler. The manipulation of the `contactID` argument with the input "><sCrIpT>alert(1)</ScRiPt> leads to cross-site scripting. It is possible to initiate the attack remotely. **Recommendations** For SourceCodester Contact Manager App version 1.0, consider disabling the `contactID` argument in the affected component until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Contact Manager App version 1.0 **Description** A critical issue has been found in the SourceCodester Contact Manager App, affecting the processing of the file add.php. The manipulation of the `contactName` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Contact Manager App version 1.0, consider restricting access to the add.php file until a patch is available. As a temporary workaround, avoid using the `contactName` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Inventory Management System version 1.0 **Description** A critical issue was found in the system, affecting an unknown function of the file index.php. The manipulation of the `page` argument leads to file inclusion. This issue can be exploited remotely. **Recommendations** For SourceCodester Inventory Management System version 1.0, consider restricting access to the index.php file to minimize the risk of exploitation. Avoid using the `page` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.