Joinia

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pet Grooming Management Software version 1.0 **Description** A SQL injection flaw exists in the `/admin/barcode.php` file due to manipulation of the `ID` argument. This manipulation can be initiated remotely. The exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pet Grooming Management Software version 1.0 **Description** A SQL injection issue exists in SourceCodester Pet Grooming Management Software. The vulnerability is located in an unknown functionality within the `/admin/ajax product.php` file. Manipulation of the `drop services` argument can trigger the injection. This attack can be initiated remotely. The exploit for this issue is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/ajax product.php` file to minimize the risk of exploitation. Sanitize the `drop services` argument to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pet Grooming Management Software version 1.0 **Description** A security issue exists in SourceCodester Pet Grooming Management Software 1.0. The vulnerability is due to unrestricted upload capabilities resulting from the manipulation of the `website image` argument within an unknown function of the `/admin/seo setting.php` file, part of the Setting Handler component. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, restrict access to the `/admin/seo setting.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pet Grooming Management Software version 1.0 **Description** A weakness exists in SourceCodester Pet Grooming Management Software that allows for unrestricted file upload. The issue impacts an unknown function within the `/admin/operation/user.php` file. Manipulation of the `website image` argument can be used to exploit this weakness remotely. The exploit is publicly available. **Recommendations** As a temporary workaround, restrict access to the `/admin/operation/user.php` file. Sanitize or validate the `website image` argument to prevent unrestricted file uploads.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pet Grooming Management Software version 1.0 **Description** A SQL injection issue exists in SourceCodester Pet Grooming Management Software. The issue affects an unknown part of the `/admin/ajax represent.php` file. Manipulation of the `ID` argument can lead to SQL injection, allowing remote attackers to potentially access or alter data. The exploit has been publicly disclosed. **Recommendations** Restrict access to the `/admin/ajax represent.php` file. Consider deploying a Web Application Firewall (WAF) to filter malicious requests.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Task Progress Tracker version 1.0 **Description** A vulnerability was found in the software, affecting an unknown functionality of the file /endpoint/add-task.php. The manipulation of the `task name` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the /endpoint/add-task.php file until a patch is available. Avoid using the `task name` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Task Progress Tracker version 1.0 **Description** A critical issue has been found in the software, allowing for SQL injection. The manipulation of the `task` argument in the `/endpoint/delete-task.php` file leads to this issue. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. An attacker can remotely delete tasks. **Recommendations** For SourceCodester Task Progress Tracker version 1.0, consider disabling the `/endpoint/delete-task.php` endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `task` argument in the affected endpoint until the issue is resolved. Validate user input to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Accounts Manager App version 1.0 **Description** A critical issue has been found in the processing of the file "/endpoint/delete-account.php". The manipulation of the `account` argument leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. An attacker can delete accounts via the vulnerable "delete-account.php" endpoint. **Recommendations** For SourceCodester Accounts Manager App version 1.0, patch immediately to prevent exploitation. Additionally, check logs for signs of exploit. As a temporary workaround, consider restricting access to the "/endpoint/delete-account.php" endpoint until a patch is available. Avoid using the `account` argument in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Accounts Manager App version 1.0 **Description** A problematic issue was found in the SourceCodester Accounts Manager App, affecting an unknown function of the file /endpoint/add-account.php. The manipulation of the `account name` argument leads to cross-site scripting. It is possible to launch the attack remotely. **Recommendations** For version 1.0, consider disabling the `account name` argument in the /endpoint/add-account.php file as a temporary workaround until a patch is available. Restrict access to the /endpoint/add-account.php endpoint to minimize the risk of exploitation. Avoid using the `account name` argument in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Leads Manager Tool version 1.0 **Description** A critical issue was found in the Delete Leads Handler component, specifically in the file /endpoint/delete-leads.php. The `leads` argument is vulnerable to SQL injection, which can be exploited remotely. The issue affects some unknown functionality of the file. **Recommendations** For SourceCodester Leads Manager Tool version 1.0, as a temporary workaround, consider restricting access to the /endpoint/delete-leads.php endpoint until a patch is available. Avoid using the `leads` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Leads Manager Tool version 1.0 **Description** A problematic issue has been found, affecting the /endpoint/add-leads.php file of the Add Leads Handler component. The manipulation of the `leads name` and `phone number` arguments leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For SourceCodester Leads Manager Tool version 1.0, as a temporary workaround, consider restricting access to the /endpoint/add-leads.php endpoint until a patch is available. Avoid using the `leads name` and `phone number` arguments in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Loan Management System version 1.0 **Description** A critical issue has been found in the Users Page component, specifically in the `delete user` function of the `deleteUser.php` file. The manipulation of the `user id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Loan Management System version 1.0, consider disabling the `delete user` function in the `deleteUser.php` file until a patch is available. Restrict access to the `deleteUser.php` file to minimize the risk of exploitation. Avoid using the `user id` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Loan Management System version 1.0 **Description** A critical issue has been found in the system, affecting the `delete borrower` function of the `deleteBorrower.php` file. The manipulation of the `borrower id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Loan Management System version 1.0, consider disabling the `delete borrower` function in the `deleteBorrower.php` file until a patch is available. Restrict access to the `deleteBorrower.php` file to minimize the risk of exploitation. Avoid using the `borrower id` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Loan Management System version 1.0 **Description** A critical issue affects the function `delete ltype` of the file `delete ltype.php` in the Loan Type Page component. The manipulation of the `ltype id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Loan Management System version 1.0, consider disabling the `delete ltype` function in the `delete ltype.php` file until a patch is available to prevent SQL injection attacks. Restrict access to the Loan Type Page component to minimize the risk of exploitation. Avoid using the `ltype id` argument in the affected component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Lead Management System version 1.0 **Description** A critical issue was found in the SourceCodester Lead Management System. The manipulation of the `username` argument in the login.php file leads to sql injection. This issue can be exploited remotely. **Recommendations** For version 1.0, consider disabling the login functionality until a patch is available to prevent sql injection attacks. Restrict access to the login.php file to minimize the risk of exploitation. Avoid using the `username` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Canteen Management System version 1.0 **Description** A critical issue affects the processing of the file edituser.php, where the manipulation of the `id` argument leads to SQL injection. This issue can be initiated remotely. **Recommendations** For SourceCodester Canteen Management System version 1.0, consider restricting access to the edituser.php file until a fix is available, and avoid using the `id` argument in this context to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Canteen Management System version 1.0 **Description** A critical issue has been discovered, affecting the login.php file. The `business` argument is vulnerable to SQL injection, which can be exploited remotely. **Recommendations** For SourceCodester Canteen Management System version 1.0, consider restricting access to the login.php file until a fix is available. As a temporary workaround, avoid using the `business` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Clinics Patient Management System version 1.0 **Description** A critical issue affects some unknown functionality of the file medicine details.php, where the manipulation of the `medicine` argument leads to sql injection. The attack can be launched remotely. **Recommendations** For SourceCodester Clinics Patient Management System version 1.0, consider restricting access to the medicine details.php file until a patch is available. As a temporary workaround, avoid using the `medicine` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Clinics Patient Management System (affected versions not specified) **Description** A critical issue was found in the Login component of the system, specifically in the file index.php. The `user name` argument is vulnerable to sql injection, which can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Bank Management System version 1.0 **Description** A critical issue has been found in the login functionality. The manipulation of the `password` argument with a specific input leads to SQL injection. The attack can be launched remotely. Technical details include the exploitation of the `login.php` endpoint, where the input `1'and 1=2 union select 1,sleep(10),3,4,5 --+` is used to demonstrate the vulnerability. **Recommendations** For SourceCodester Bank Management System version 1.0, consider disabling the `login.php` endpoint until a patch is available to prevent SQL injection attacks. Restrict access to the `password` argument in the login functionality to minimize the risk of exploitation.