Jxp

**Name of the Vulnerable Software and Affected Versions** WeiYe-Jing datax-web version 2.1.1 **Description** A critical issue has been found, affecting an unknown part of the file "/api/job/add/". The manipulation of the `glueSource` argument leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For WeiYe-Jing datax-web version 2.1.1, as a temporary workaround, consider disabling access to the "/api/job/add/" endpoint until a patch is available. Restrict the use of the `glueSource` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Crime Reporting System version 1.0 **Description** A critical issue has been found in the code-projects Crime Reporting System, affecting the file inchargelogin.php. The manipulation of the `email` and `password` arguments leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For code-projects Crime Reporting System version 1.0, consider disabling the inchargelogin.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `email` and `password` arguments in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** code-projects Crime Reporting System version 1.0 **Description** A critical issue affects the processing of the file police add.php. The manipulation of the arguments `police name`, `police id`, `police spec`, or `password` leads to SQL injection. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Crime Reporting System version 1.0, consider temporarily restricting access to the police add.php file until a patch is available. As a mitigation measure, avoid using the arguments `police name`, `police id`, `police spec`, or `password` in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** code-projects Library System version 1.0 **Description** A critical vulnerability has been found in the code-projects Library System, affecting the file Source/librarian/user/student/login.php. The manipulation of the `username` and `password` arguments leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Library System version 1.0, as a temporary workaround, consider restricting access to the `login.php` file until a patch is available. Avoid using the `username` and `password` arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Library System version 1.0 **Description** A critical issue affects the processing of the file Source/librarian/user/teacher/login.php. The manipulation of the `username` and `password` arguments leads to SQL injection. The attack can be initiated remotely. **Recommendations** For code-projects Library System version 1.0, consider disabling the login functionality in the affected file until a patch is available. Restrict access to the `login.php` file to minimize the risk of exploitation. Avoid using the `username` and `password` arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Library System version 1.0 **Description** A critical issue has been found in the code-projects Library System, affecting an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the arguments `email`, `idno`, `phone`, or `username` can lead to SQL injection. This issue can be exploited remotely. **Recommendations** For code-projects Library System version 1.0, as a temporary workaround, consider restricting access to the affected file Source/librarian/user/teacher/registration.php until a patch is available. Avoid using the arguments `email`, `idno`, `phone`, or `username` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** code-projects Library System version 1.0 **Description** A critical issue was found in the code-projects Library System, affecting an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the `email`, `regno`, `phone`, or `username` arguments leads to SQL injection. This issue can be exploited remotely. **Recommendations** For code-projects Library System version 1.0, as a temporary workaround, consider restricting access to the `registration.php` file until a patch is available. Avoid using the `email`, `regno`, `phone`, or `username` arguments in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** code-projects Library System version 1.0 **Description** A critical issue was found in the code-projects Library System, affecting some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the `email` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For code-projects Library System version 1.0, as a temporary workaround, consider restricting access to the `lost-password.php` file until a patch is available. Additionally, avoid using the `email` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.