Haoyv

**Name of the Vulnerable Software and Affected Versions:** Modern Bag version 1.0 **Description:** A critical issue exists in Modern Bag version 1.0, specifically within an unknown function of the `/contact-back.php` file. The `contact-name` argument is susceptible to SQL injection, allowing for remote exploitation. The exploit details have been publicly disclosed. **Recommendations:** Modern Bag version 1.0: Sanitize the `contact-name` argument to prevent SQL injection attacks. Modern Bag version 1.0: Restrict access to the `/contact-back.php` file if possible.

**Name of the Vulnerable Software and Affected Versions:** Modern Bag version 1.0 **Description:** A critical issue exists in an unknown functionality of the file `/admin/slideupdate.php`. Manipulation of the `idSlide` argument can lead to SQL injection. The attack can be launched remotely, and the exploit has been publicly disclosed. **Recommendations:** Modern Bag version 1.0: Address the SQL injection issue in the `/admin/slideupdate.php` file by sanitizing the `idSlide` argument.

**Name of the Vulnerable Software and Affected Versions:** Modern Bag version 1.0 **Description:** A critical issue exists in Modern Bag version 1.0 related to SQL injection. The vulnerability is located in the `/admin/contact-list.php` file, specifically through manipulation of the `idStatus` argument. This allows for remote exploitation. The exploit for this issue has been publicly disclosed. **Recommendations:** Modern Bag version 1.0: Address the SQL injection vulnerability by sanitizing or validating the `idStatus` argument within the `/admin/contact-list.php` file.