Hedunsec

**Name of the Vulnerable Software and Affected Versions** code-projects Modern Bag version 1.0 **Description** A vulnerability exists in code-projects Modern Bag 1.0. This issue is a SQL injection affecting an unknown functionality of the `/admin/login-back.php` file. Manipulation of the `user-name` argument can lead to SQL injection, and the attack can be launched remotely. The exploit has been publicly disclosed and may be used. **Recommendations** code-projects Modern Bag version 1.0: Sanitize the `user-name` input to prevent SQL injection attacks. As a temporary workaround, restrict access to the `/admin/login-back.php` file.

Name of the Vulnerable Software and Affected Versions: code-projects Library System version 1.0 Description: A critical issue has been found in the code-projects Library System. The problem affects an unknown part of the file /user/teacher/books.php. The manipulation of the `Search` argument leads to SQL injection. It is possible to initiate the attack remotely. Recommendations: For code-projects Library System version 1.0, consider restricting access to the /user/teacher/books.php file until a patch is available. As a temporary workaround, avoid using the `Search` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: code-projects Library System version 1.0 Description: A critical issue has been discovered, affecting the /approve.php file. The manipulation of the `ID` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For code-projects Library System version 1.0, consider restricting access to the /approve.php file until a fix is available, and avoid using the `ID` argument in this context to minimize the risk of exploitation.