Hemantra J Bhati

**Name of the Vulnerable Software and Affected Versions** SourceCodester Ship Ferry Ticket Reservation System versions prior to 1.1 **Description** An issue exists in the Admin Login component within the '/admin/login.php' endpoint. Remote manipulation of the `Username` argument allows for SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. **Recommendations** Update the system to a version later than 1.0. As a temporary workaround, restrict access to the '/admin/login.php' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Website Link Extractor version 1.0 **Description** A server-side request forgery condition exists in the URL Handler component’s `file get contents()` function. This allows for remote initiation of attacks. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.