Guru

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Railway Reservation System version 1.0 **Description** A critical issue affects the processing of the file /admin/inquiries/view details.php, where the manipulation of the `id` argument leads to improper access controls. The attack can be initiated remotely. **Recommendations** For SourceCodester Online Railway Reservation System version 1.0, consider restricting access to the /admin/inquiries/view details.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Railway Reservation System version 1.0 **Description** A problematic issue was found in the Message Us Form component, specifically in the contact us.php file. The manipulation of the `fullname`, `email`, or `message` arguments leads to cross-site scripting. This issue can be initiated remotely. **Recommendations** For SourceCodester Online Railway Reservation System version 1.0, consider validating and sanitizing user input for the `fullname`, `email`, and `message` arguments in the contact us.php file to prevent cross-site scripting attacks. As a temporary workaround, restrict access to the Message Us Form component until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Railway Reservation System version 1.0 **Description** A problematic issue has been found in the system, affecting an unknown part of the file at the "/?page=reserve" endpoint. The manipulation of the `First Name`, `Middle Name`, and `Last Name` arguments leads to cross-site scripting. This issue can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Online Railway Reservation System version 1.0, consider disabling the `/api?page=reserve` endpoint until a patch is available. Restrict access to the `First Name`, `Middle Name`, and `Last Name` arguments in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Railway Reservation System version 1.0 **Description** A vulnerability was found in the Ticket Handler component, specifically affecting some unknown functionality of the file /?page=tickets. The manipulation of the `id` argument leads to improper access controls, allowing for remote attacks. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Online Railway Reservation System version 1.0, consider restricting access to the `/page=tickets` endpoint until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected Ticket Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Railway Reservation System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown functionality of the file /admin/. The manipulation of the `page` argument with the input `trains/schedules/system info` leads to improper authorization. This issue can be exploited remotely. **Recommendations** For SourceCodester Online Railway Reservation System version 1.0, as a temporary workaround, consider restricting access to the /admin/ file and the `page` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Online News Portal version 1.0 Description: A critical vulnerability was found in the Comment Section of the SourceCodester Best Online News Portal. The issue affects unknown code in the file /news-details.php. The manipulation of the `name` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester Best Online News Portal version 1.0, as a temporary workaround, consider restricting access to the /news-details.php file or disabling the Comment Section until a patch is available. Avoid using the `name` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Resort Reservation System version 1.0 Description: A problematic issue was found in the system, affecting an unknown functionality of the file manage fee.php. The manipulation of the `toview` argument leads to cross-site scripting. The attack can be launched remotely. Recommendations: For SourceCodester Resort Reservation System version 1.0, consider restricting access to the manage fee.php file until a patch is available. As a temporary workaround, avoid using the `toview` argument in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A critical vulnerability has been found in the Cart Content Handler component of the SourceCodester Online Eyewear Shop. This issue affects an unknown part of the file /classes/Master.php and is related to the manipulation of the `cart id/id` argument, leading to improper ownership management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester Online Eyewear Shop version 1.0, consider disabling the Cart Content Handler component until a patch is available. Restrict access to the /classes/Master.php file to minimize the risk of exploitation. Avoid using the `cart id/id` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodesters Clinics Patient Management System version 2.0 Description: A critical issue affects the processing of the file /print diseases.php, where the manipulation of the `disease/from/to` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This issue may allow for unauthenticated remote code execution. Recommendations: For SourceCodesters Clinics Patient Management System version 2.0, patch immediately and review logs for signs of exploit. As a temporary workaround, consider restricting access to the `/print diseases.php` file and the `disease/from/to` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 2.0 Description: A vulnerability exists in the system, allowing for an open redirect. The issue is related to the manipulation of the `goto page` argument in an unknown function of the file congratulations.php. This can be exploited remotely. Recommendations: For version 2.0, consider restricting access to the congratulations.php file or the `goto page` argument to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 2.0 Description: A problem was found in the processing of the file /users.php, where the manipulation of the `message` argument leads to cross-site scripting. The attack may be initiated remotely. The issue affects some unknown processing, and the exploit has been disclosed to the public. Recommendations: For SourceCodester Clinics Patient Management System version 2.0, consider disabling the /users.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `message` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: SourceCodester Sentiment Based Movie Rating System version 1.0 Description: A critical vulnerability was found in the software, affecting an unknown function of the file /classes/Users.php?f=save client of the component User Registration Handler. The manipulation of the `email` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For version 1.0, consider disabling the User Registration Handler or restricting access to the /classes/Users.php?f=save client file until a patch is available. Avoid using the `email` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Contact Manager with Export to VCF version 1.0 Description: A problematic issue has been found, affecting some unknown functionality of the file index.html. The manipulation of the `contact name` argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For version 1.0, consider disabling the functionality related to the `contact name` argument in the index.html file to prevent cross-site scripting attacks until a patch is available. Restrict access to the index.html file to minimize the risk of exploitation. Avoid using the `contact name` argument in the affected functionality until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: SourceCodester E-Commerce Website version 1.0 Description: A critical issue has been identified in the /Admin/registration.php file, where the manipulation of the `fname` argument leads to SQL injection. This issue can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester E-Commerce Website version 1.0, consider disabling the registration functionality in the /Admin/registration.php file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the `fname` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.