
Huang Yue

#14229 of 53,633
18.9 Total CVSS
Vulnerabilities · 2
Critical: 2
PT-2024-27116
9.8
2024-06-07
Unknown · Sourcecodester Pharmacy/Medical Store Point Of Sale System · CVE-2024-36673
**Name of the Vulnerable Software and Affected Versions**
Sourcecodester Pharmacy/Medical Store Point of Sale System version 1.0

**Description**
The issue stems from inadequate validation of user inputs for the `email` and `password` parameters in the "login.php" endpoint, allowing attackers to inject malicious SQL queries.

**Recommendations**
For Sourcecodester Pharmacy/Medical Store Point of Sale System version 1.0, consider disabling the login functionality via "login.php" until a patch is available, and restrict access to the `email` and `password` parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-25190
9.1
2024-05-06
Unknown · Library System · CVE-2024-33294
**Name of the Vulnerable Software and Affected Versions**
Library System version V1.0

**Description**
An issue in the Library System allows a remote attacker to execute arbitrary code via the `_FAILE` variable in the `student_edit_photo.php` component.

**Recommendations**
For Library System version V1.0, consider disabling access to the `student_edit_photo.php` component until a patch is available to prevent exploitation via the `_FAILE` variable.