J-Jcp

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Notes Sharing System version 1.0 **Description** A SQL injection issue exists in projectworlds Online Notes Sharing System version 1.0. The issue is related to the processing of the `/login.php` file within the Parameters Handler component. Manipulation of the `User` parameter can lead to SQL injection. The attack can be executed remotely, and an exploit is publicly available. **Recommendations** Apply a fix for projectworlds Online Notes Sharing System version 1.0 to address the SQL injection issue in the Parameters Handler component.

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Admission System version 1.0 **Description** A security issue exists in projectworlds Online Admission System version 1.0. The issue involves a SQL injection that can be triggered remotely through manipulation of the `keywords` argument in an unknown functionality within the '/process login.php' file. The exploit for this issue is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Shopping System version 1.0 **Description** A flaw has been identified in projectworlds Online Shopping System 1.0. The issue involves a potential SQL injection affecting an unknown function within the `/login submit.php` file. Manipulation of the `keywords` argument may allow for remote exploitation. The exploit has been published. **Recommendations** versions prior to 1.0 should be updated. As a temporary workaround, consider restricting access to the `/login submit.php` file to minimize the risk of exploitation. Avoid using the `keywords` parameter in the affected API endpoint '/login submit.php' until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** projectworlds Advanced Library Management System version 1.0 **Description** A flaw exists in projectworlds Advanced Library Management System that allows for remote code execution through SQL injection. Manipulation of the `keywords` argument within the `/index.php` file can trigger this issue. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.