Hefei-Coffee

Name of the Vulnerable Software and Affected Versions: SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 Description: A vulnerability has been found in the system, classified as problematic. It affects an unknown functionality of the file /classes/Master.php?f=log visitor. The manipulation of the `name` argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester Employee and Visitor Gate Pass Logging System version 1.0, consider disabling the functionality related to the /classes/Master.php?f=log visitor file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the `name` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 Description: A critical issue was found in the save users function of the /classes/Users.php file, specifically in the `id` argument, which leads to sql injection. This issue can be exploited remotely. Recommendations: For version 1.0, consider disabling the `save users` function in the /classes/Users.php file until a patch is available. Restrict access to the `id` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: SourceCodester Cab Management System version 1.0 Description: A critical issue has been discovered, affecting the /cms/classes/Users.php file, specifically when the `id` argument is manipulated, leading to SQL injection. This can be initiated remotely. The issue has been publicly disclosed. Recommendations: For SourceCodester Cab Management System version 1.0, consider restricting access to the `delete client` function in the Users.php file until a patch is available. Avoid using the `id` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 Description: A critical issue has been found in the system, affecting the `delete users` function of the file /classes/Users.php?f=delete. The manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. Recommendations: For SourceCodester Employee and Visitor Gate Pass Logging System version 1.0, as a temporary workaround, consider restricting access to the `delete users` function of the /classes/Users.php?f=delete file until a patch is available. Avoid using the `id` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A critical issue was found in the manage product.php file, where the manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. Recommendations: For SourceCodester Online Eyewear Shop version 1.0, consider restricting access to the manage product.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Online Bidding System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save product. This issue leads to unrestricted upload, allowing remote attacks. The exploit has been disclosed publicly. **Recommendations** For SourceCodester Simple Online Bidding System version 1.0, patch immediately and validate all file uploads to mitigate the risk of malicious file upload. As a temporary workaround, consider restricting access to the /simple-online-bidding-system/admin/ajax.php?action=save product endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SourceCodester School Intramurals Student Attendance Management System version 1.0 **Description** A critical issue affects the processing of the file /intrams sams/manage course.php, where the manipulation of the `id` argument leads to sql injection. The attack can be initiated remotely. **Recommendations** For SourceCodester School Intramurals Student Attendance Management System version 1.0, consider disabling the `id` argument in the /intrams sams/manage course.php file as a temporary workaround until a patch is available. Restrict access to the /intrams sams/manage course.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester School Intramurals Student Attendance Management System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown function of the file /intrams sams/manage student.php. The manipulation of the `id` argument leads to SQL injection, allowing for remote attacks. The exploit has been disclosed publicly. **Recommendations** For SourceCodester School Intramurals Student Attendance Management System version 1.0, consider restricting access to the `/intrams sams/manage student.php` file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Online Bidding System version 1.0 **Description** A critical issue affects some unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=delete category. The manipulation of the `id` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For SourceCodester Simple Online Bidding System version 1.0, consider disabling the `delete category` action in the /simple-online-bidding-system/admin/ajax.php file as a temporary workaround until a patch is available. Restrict access to the vulnerable file to minimize the risk of exploitation. Avoid using the `id` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Online Bidding System version 1.0 **Description** A problematic vulnerability has been found in the system, affecting an unknown part of the file "/simple-online-bidding-system/admin/ajax.php?action=save user". This leads to cross-site request forgery and can be initiated remotely. The exploit has been disclosed to the public. **Recommendations** For version 1.0, consider disabling access to the `/simple-online-bidding-system/admin/ajax.php?action=save user` endpoint until a patch is available. Restricting the use of this endpoint can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Byzoro Smart S200 Management Platform versions up to 20240507 **Description** A critical issue affects the processing of the file /useratte/userattestation.php, where the manipulation of the `web img` argument leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed publicly. **Recommendations** For versions up to 20240507, as a temporary workaround, consider restricting access to the /useratte/userattestation.php file until a patch is available. Avoid using the `web img` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tongda OA version 2017 **Description** A critical issue has been identified, affecting the file /general/meeting/manage/delete.php. The manipulation of the `M ID STR` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed. The vendor was contacted about this issue but did not respond. **Recommendations** For Tongda OA version 2017, as a temporary workaround, consider restricting access to the `/general/meeting/manage/delete.php` file until a patch is available. Avoid using the `M ID STR` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Computer and Laptop Store version 1.0 **Description** A critical issue has been found in the software, affecting some unknown functionality of the file /admin/maintenance/manage brand.php. The manipulation of the `id` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Online Computer and Laptop Store version 1.0, as a temporary workaround, consider restricting access to the /admin/maintenance/manage brand.php file until a patch is available. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** BlueNet Technology Clinical Browsing System version 1.2.1 **Description** A critical issue exists in BlueNet Technology Clinical Browsing System version 1.2.1. The issue involves a SQL injection affecting an unknown functionality within the `/xds/outIndex.php` file. Manipulation of the `name` argument can lead to SQL injection, potentially allowing for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BlueNet Technology Clinical Browsing System version 1.2.1 **Description** A critical issue has been found, affecting an unknown part of the file /xds/cloudInterface.php. The manipulation of the `INSTI CODE` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For BlueNet Technology Clinical Browsing System version 1.2.1, consider restricting access to the `/xds/cloudInterface.php` file until a patch is available. As a temporary workaround, avoid using the `INSTI CODE` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.