Heishou

**Name of the Vulnerable Software and Affected Versions** Campcodes Student Information System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown function of the file /classes/Users.php?f=save. The manipulation of the `username` argument leads to sql injection. This issue can be exploited remotely. **Recommendations** For Campcodes Student Information System version 1.0, as a temporary workaround, consider restricting access to the /classes/Users.php?f=save file until a patch is available. Avoid using the `username` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kashipara Billing Software version 1.0 **Description** A critical issue affects the processing of the file `item list edit.php` in the HTTP POST Request Handler component. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Kashipara Billing Software version 1.0, as a temporary workaround, consider restricting access to the `item list edit.php` file until a patch is available. Avoid using the `id` argument in the affected HTTP POST Request Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kashipara Billing Software version 1.0 **Description** A critical vulnerability has been found in the HTTP POST Request Handler component of the software, specifically affecting the file party submit.php. The manipulation of the `party name` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For Kashipara Billing Software version 1.0, consider restricting access to the `party submit.php` file until a patch is available. As a temporary workaround, avoid using the `party name` argument in the affected HTTP POST Request Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kashipara Billing Software version 1.0 **Description** A critical issue was found in the HTTP POST Request Handler component, specifically in the file material bill.php. The manipulation of the `itemtypeid` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Kashipara Billing Software version 1.0, as a temporary workaround, consider restricting access to the material bill.php file or disabling the HTTP POST Request Handler until a patch is available. Avoid using the `itemtypeid` argument in the affected HTTP POST request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kashipara Billing Software version 1.0 **Description** A critical issue has been found in the HTTP POST Request Handler component, specifically in the file submit delivery list.php. The manipulation of the `customer details` argument leads to sql injection. This issue can be exploited remotely. **Recommendations** For Kashipara Billing Software version 1.0, as a temporary workaround, consider restricting access to the submit delivery list.php file or disabling the manipulation of the `customer details` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kashipara Billing Software version 1.0 **Description** A critical issue was found in the HTTP POST Request Handler component, specifically in the file buyer detail submit.php. The manipulation of the `gstn no` argument leads to sql injection. This issue can be exploited remotely. **Recommendations** For Kashipara Billing Software version 1.0, consider restricting access to the buyer detail submit.php file until a patch is available. As a temporary workaround, avoid using the `gstn no` argument in the affected HTTP POST request handler to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Project Worlds Lawyer Management System version 1.0 **Description** A critical issue was found in the Project Worlds Lawyer Management System, affecting an unknown functionality of the file searchLawyer.php. The manipulation of the `experience` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Project Worlds Lawyer Management System version 1.0, consider restricting access to the searchLawyer.php file until a patch is available. As a temporary workaround, avoid using the `experience` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** coderd-repos Eva version 1.0.0 **Description** A critical issue was found in the HTTP POST Request Handler component, specifically affecting some unknown functionality of the file /system/traceLog/page. The manipulation of the `property` argument leads to SQL injection. The issue has been publicly disclosed and may be exploited. **Recommendations** For coderd-repos Eva version 1.0.0, consider restricting access to the /system/traceLog/page file to minimize the risk of SQL injection exploitation. As a temporary workaround, avoid using the `property` argument in the affected HTTP POST Request Handler until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 1.0 **Description** A critical vulnerability was found in the PHPGurukul Hospital Management System. This issue affects an unknown part of the file admin/query-details.php. The manipulation of the `adminremark` argument leads to SQL injection. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Hospital Management System version 1.0, consider disabling access to the `admin/query-details.php` file or restricting the manipulation of the `adminremark` argument until a patch is available. As a temporary workaround, avoid using the `adminremark` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 1.0 **Description** A critical issue has been found in the PHPGurukul Hospital Management System, affecting some unknown functionality of the file admin/patient-search.php. The manipulation of the `searchdata` argument leads to sql injection. The issue has been publicly disclosed and may be exploited. **Recommendations** For PHPGurukul Hospital Management System version 1.0, as a temporary workaround, consider restricting access to the admin/patient-search.php file until a patch is available. Avoid using the `searchdata` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 1.0 **Description** A critical vulnerability was found in the PHPGurukul Hospital Management System. The issue affects an unknown functionality of the file admin/change-password.php. The manipulation of the `cpass` argument leads to SQL injection. **Recommendations** For PHPGurukul Hospital Management System version 1.0, consider disabling the `change-password` functionality in the admin panel until a patch is available. Restrict access to the admin/change-password.php file to minimize the risk of exploitation. Avoid using the `cpass` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Dairy Farm Shop Management System versions up to 1.1 **Description** A critical issue was found in the PHPGurukul Dairy Farm Shop Management System. The problem is related to the manipulation of the `category` argument in an unknown function of the file add-category.php, leading to sql injection. **Recommendations** For PHPGurukul Dairy Farm Shop Management System versions up to 1.1, consider restricting access to the add-category.php file until a patch is available. As a temporary workaround, avoid using the `category` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 1.0 **Description** A critical vulnerability has been found in the PHPGurukul Hospital Management System. The issue is related to an unknown function in the file admin/contact.php, where the manipulation of the argument `mobnum` leads to SQL injection. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Hospital Management System version 1.0, consider disabling the `mobnum` argument in the affected function until a patch is available. Restrict access to the admin/contact.php file to minimize the risk of exploitation. Avoid using the `mobnum` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mandelo ssm shiro blog version 1.0 **Description** A vulnerability has been found in the file `updateRoles` of the component Backend, leading to improper access controls. The manipulation of this vulnerability can be used to exploit the issue. **Recommendations** For Mandelo ssm shiro blog version 1.0, consider restricting access to the `updateRoles` functionality in the Backend component until a patch is available. As a temporary workaround, disabling the `updateRoles` function may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 1.0 **Description** A critical issue affects the processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument `doctorspecilization` leads to SQL injection. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Hospital Management System version 1.0, consider disabling the `admin/edit-doctor-specialization.php` file or restricting access to it until a patch is available. Avoid using the `doctorspecilization` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** fhs-opensource iparking version 1.5.22.RELEASE **Description** A critical issue has been found in the processing of the file `/vueLogin`, which leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.5.22.RELEASE, as a temporary workaround, consider restricting access to the `/vueLogin` file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kashipara Food Management System version 1.0 **Description** A critical issue has been found in the Kashipara Food Management System, affecting the processing of the file stock edit.php. The manipulation of the `item type` argument leads to SQL injection. The attack may be initiated remotely. **Recommendations** For Kashipara Food Management System version 1.0, as a temporary workaround, consider restricting access to the stock edit.php file until a patch is available. Additionally, avoid using the `item type` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kashipara Food Management System version 1.0 **Description** A critical issue affects some unknown functionality of the file itemBillPdf.php. The manipulation of the `printid` argument leads to SQL injection. The attack may be launched remotely. **Recommendations** For Kashipara Food Management System version 1.0, as a temporary workaround, consider restricting access to the file itemBillPdf.php until a patch is available. Avoid using the `printid` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kashipara Food Management System version 1.0 **Description** A critical vulnerability has been found in the Kashipara Food Management System. This issue affects an unknown part of the file rawstock used damaged submit.php. The manipulation of the `product name` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Kashipara Food Management System version 1.0, as a temporary workaround, consider restricting access to the rawstock used damaged submit.php file until a patch is available. Avoid using the `product name` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kashipara Food Management System version 1.0 **Description** A critical vulnerability was found in the Kashipara Food Management System, affecting the file stock entry submit.php. The manipulation of the `itemype` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Kashipara Food Management System version 1.0, as a temporary workaround, consider restricting access to the `stock entry submit.php` file until a patch is available. Additionally, avoid using the `itemype` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.