Huanghc

**Name of the Vulnerable Software and Affected Versions** code-projects E-Commerce Website version 1.0 **Description** A SQL injection issue exists in the `/pages/delete order details.php` script. Manipulation of the `order id` parameter can allow an attacker to execute arbitrary SQL commands on the database. This could potentially lead to data leakage, data modification, or complete compromise of the database server. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects E-Commerce Website version 1.0 **Description** A flaw exists in code-projects E-Commerce Website 1.0 where manipulation of the `prod id` argument in the file /pages/product add qty.php can lead to SQL injection. This issue is potentially exploitable remotely. The exploit is publicly available. The vulnerable element is an unknown function within the specified file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best Salon Management System version 1.0 **Description** A security flaw exists in SourceCodester Best Salon Management System 1.0. The issue is a SQL injection affecting an unknown part of the file `/panel/add invoice.php`. Manipulation of the `ServiceId` parameter can lead to SQL code execution. The exploit has been released publicly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects E-Commerce Website version 1.0 **Description** A flaw exists in code-projects E-Commerce Website 1.0. Manipulation of the `prod name` argument in the file '/pages/product add.php' can lead to SQL injection. This issue may be exploited remotely. The exploit is publicly available. **Recommendations** Sanitize the `prod name` argument in the '/pages/product add.php' file to prevent SQL injection. Restrict access to the '/pages/product add.php' file if possible.

**Name of the Vulnerable Software and Affected Versions** code-projects E-Commerce Website version 1.0 **Description** A flaw exists in code-projects E-Commerce Website 1.0, specifically within the file `/pages/supplier add.php`. Manipulation of the `supp email` argument can lead to SQL injection. This attack can be launched remotely. The exploit has been published. The vulnerable function is unknown. **Recommendations** Apply any available updates or patches for code-projects E-Commerce Website version 1.0. As a temporary workaround, restrict or sanitize input to the `supp email` argument in the `/pages/supplier add.php` file.