Jsbae3449

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Computer and Laptop Store version 1.0 **Description** A critical vulnerability was found in the software, affecting an unknown part of the file php-oclsadminsystem infoindex.php. The manipulation of the `img` argument leads to unrestricted upload. It is possible to initiate the attack remotely. **Recommendations** For version 1.0, consider disabling the upload functionality related to the `img` argument in the php-oclsadminsystem infoindex.php file until a patch is available. Restrict access to the vulnerable file to minimize the risk of exploitation. Avoid using the `img` argument in the affected functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Company Website CMS (affected versions not specified) **Description** A critical issue was found in the component Add Blog, specifically in the file /dashboard/add-blog.php. The manipulation of the `ufile` argument leads to unrestricted upload. This issue can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Gym Management System (affected versions not specified) **Description** A critical issue has been found in the SourceCodester Gym Management System, affecting some unknown functionality of the file /admin/add exercises.php in the Background Management component. The manipulation of the `exer img` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Gym Management System (affected versions not specified) **Description** A critical issue was found in the SourceCodester Gym Management System, affecting the /admin/add trainers.php file of the Add New Trainer component. The manipulation of the `trainer name` argument leads to sql injection, and it is possible to initiate the attack remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Company Website CMS (affected versions not specified) **Description** A critical issue has been found in the SourceCodester Company Website CMS, affecting the /dashboard/updatelogo.php file of the Background Upload Logo Icon component. The manipulation of the `xfile/ufile` argument leads to unrestricted upload. This issue can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Company Website CMS (affected versions not specified) **Description** A critical issue was found in the SourceCodester Company Website CMS, affecting some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the `ufile` argument leads to unrestricted upload. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Library Management System (affected versions not specified) **Description** A vulnerability was found in the SourceCodester Library Management System, affecting unknown code of the file /qr/I/. The manipulation of the `error` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Company Website CMS (affected versions not specified) **Description** A critical vulnerability was found in the SourceCodester Company Website CMS, affecting an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload, and it is possible to launch the attack remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.