Unknown · Kaushik Jadhav Online Food Ordering Web App · CVE-2021-41647
**Name of the Vulnerable Software and Affected Versions**
Kaushik Jadhav Online Food Ordering Web App version 1.0
**Description**
An unauthenticated error-based and time-based blind SQL injection issue exists. An attacker can exploit the vulnerable `username` parameter in "login.php" to retrieve sensitive database information and to add an administrative user.
**Recommendations**
For Kaushik Jadhav Online Food Ordering Web App version 1.0, consider disabling the `username` parameter in the "login.php" file until a patch is available. Restrict access to the "login.php" file to minimize the risk of exploitation. Avoid using the `username` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
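Since no fixed version is known, the following added example (not the application's own code) sketches what a patched login lookup could look like: the `username` value is bound as a query parameter, and database errors are kept away from the client. The `users` table, its columns, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the app's database: in-memory SQLite with a
// constructed `users` table. The real schema is not shown in the advisory.
function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns true only when the username exists and the password matches.
function login(PDO $db, string $username, string $password): bool {
    // Defence in depth: reject values outside a narrow allowlist before any
    // query runs (assumed policy: 3-32 letters, digits, "_", "." or "-").
    if (preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $username) !== 1) {
        return false;
    }
    try {
        // The value is bound as a parameter, so it is never parsed as SQL.
        // With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.
        $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
        $stmt->execute([':u' => $username]);
        $hash = $stmt->fetchColumn();
    } catch (PDOException $e) {
        // Log server-side only; returning a generic failure removes the
        // error-based channel described in the advisory.
        error_log('login query failed: ' . $e->getMessage());
        return false;
    }
    // Same result for an unknown user and for a wrong password.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample inputs: valid login, wrong password, username with SQL metacharacters.
$db = make_demo_db();
var_dump(login($db, 'alice', 'constructed-demo-password'));
var_dump(login($db, 'alice', 'wrong'));
var_dump(login($db, "alice' -- ", 'anything'));
```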