K0Xx

**Name of the Vulnerable Software and Affected Versions** Online Ordering System By janobe version 2.3.2 **Description** The issue is related to SQL Injection, which can be exploited via the "/ordering/index.php?q=products&id=" endpoint. The `id` variable is vulnerable to SQL injection attacks. **Recommendations** For version 2.3.2, consider restricting access to the "/ordering/index.php?q=products&id=" endpoint until a patch is available. As a temporary workaround, avoid using the `id` variable in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wedding Management System version 1.0 **Description** The issue concerns a SQL Injection vulnerability. It can be exploited via the `/Wedding-Management/admin/client edit.php` API endpoint, specifically through the `user id` variable. **Recommendations** For Wedding Management System version 1.0, consider restricting access to the `/Wedding-Management/admin/client edit.php` endpoint until a patch is available. As a temporary workaround, avoid using the `user id` variable in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wedding Management System version 1.0 **Description** The issue concerns a SQL Injection vulnerability. It can be exploited via the `/Wedding-Management/admin/client assign.php` endpoint, specifically through the `booking` and `user id` parameters. **Recommendations** For Wedding Management System version 1.0, as a temporary workaround, consider restricting access to the `/Wedding-Management/admin/client assign.php` endpoint until a patch is available. Avoid using the `user id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wedding Management System version 1.0 **Description** The issue is related to SQL Injection. It affects the Wedding-Management/admin/select.php endpoint. **Recommendations** For Wedding Management System version 1.0, consider restricting access to the select.php endpoint until a patch is available. As a temporary workaround, avoid using user-input data in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Online Ordering System version 2.3.2 **Description** The issue is related to SQL Injection. It can be exploited via the "/ordering/admin/stockin/index.php?view=edit&id=" endpoint. The `id` variable is vulnerable to SQL injection attacks. **Recommendations** For Online Ordering System version 2.3.2, consider restricting access to the "/ordering/admin/stockin/index.php?view=edit&id=" endpoint until a patch is available. As a temporary workaround, avoid using the `id` variable in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Online Ordering System version 2.3.2 **Description** The issue allows for SQL Injection via the `/ordering/admin/user/index.php?view=edit&id=` API endpoint, specifically targeting the `id` variable. This could potentially lead to unauthorized access or manipulation of database content. **Recommendations** For Online Ordering System version 2.3.2, consider restricting access to the `/ordering/admin/user/index.php` endpoint until a patch is available, and avoid using the `id` variable in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Online Ordering System version 1.0 **Description** The issue concerns a SQL Injection vulnerability via the "admin/viewreport.php" endpoint. This allows for potential unauthorized access and manipulation of database content. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For Online Ordering System version 1.0, consider disabling access to the "admin/viewreport.php" endpoint until a patch is available to prevent potential SQL Injection attacks. Restricting database privileges and input validation can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wedding Management System version 1.0 **Description** The issue concerns a SQL Injection vulnerability. It can be exploited via the `Wedding-Management/wedding details.php` endpoint. **Recommendations** For Wedding Management System version 1.0, consider restricting access to the `wedding details.php` file until a patch is available. As a temporary workaround, avoid using user-inputted data in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wedding Management System version 1.0 **Description** The issue concerns a SQL Injection vulnerability. It can be exploited via the `/Wedding-Management/admin/client manage account details.php` endpoint, specifically through the `booking id` and `user id` parameters. **Recommendations** For Wedding Management System version 1.0, consider restricting access to the `/Wedding-Management/admin/client manage account details.php` endpoint until a patch is available. As a temporary workaround, avoid using the `booking id` and `user id` parameters in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wedding Management System version 1.0 **Description** The issue concerns a SQL Injection vulnerability. It can be exploited via the "/Wedding-Management/admin/budget.php?booking id=" API endpoint, specifically through the `booking id` variable. **Recommendations** For Wedding Management System version 1.0, consider restricting access to the "/Wedding-Management/admin/budget.php" endpoint until a patch is available, and avoid using the `booking id` variable in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Online Ordering System By janobe version 2.3.2 **Description** The issue is related to SQL Injection. It affects the `/ordering/admin/products/index.php?view=edit&id=` API endpoint, where the `id` parameter is vulnerable. **Recommendations** For version 2.3.2, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `/ordering/admin/products/index.php?view=edit&id=` endpoint until a patch is available. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Online Ordering System By janobe version 2.3.2 **Description** The issue allows for SQL Injection via the "/ordering/admin/orders/loaddata.php" API endpoint. **Recommendations** For version 2.3.2, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Ordering System version 2.3.2 **Description** The issue concerns SQL Injection via the "/ordering/admin/stockin/loaddata.php" API endpoint. This allows for potential manipulation of database queries. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Online Ordering System version 2.3.2, as a temporary workaround, consider restricting access to the "/ordering/admin/stockin/loaddata.php" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Ordering System version 2.3.2 **Description** The issue allows for SQL Injection via the "/ordering/admin/category/index.php?view=edit&id=" API endpoint, specifically targeting the `id` variable. This could potentially lead to unauthorized data access or modification. **Recommendations** For Online Ordering System version 2.3.2, consider restricting access to the "/ordering/admin/category/index.php?view=edit&id=" endpoint until a patch is available, and avoid using the `id` variable in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Online Ordering System version 1.0 **Description** The issue concerns a SQL Injection vulnerability. It affects the `admin/editproductimage.php` endpoint. **Recommendations** For Online Ordering System version 1.0, consider disabling access to the `admin/editproductimage.php` endpoint until a patch is available. Restrict input validation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Online Ordering System version 1.0 **Description** The issue concerns a SQL Injection vulnerability via the "admin/vieworders.php" endpoint. This allows for potential unauthorized access and manipulation of database content. **Recommendations** For Online Ordering System version 1.0, consider restricting access to the "admin/vieworders.php" endpoint until a patch is available. As a temporary workaround, avoid using user-inputted data in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Ordering System version 1.0 **Description** The issue is related to SQL injection via the store/orderpage.php endpoint. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For Online Ordering System version 1.0, as a temporary workaround, consider restricting access to the store/orderpage.php endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wedding Management System version 1.0 **Description** The issue allows for SQL injection via the "/Wedding-Management/admin/blog events edit.php" API endpoint, specifically through the `id` variable. **Recommendations** For Wedding Management System version 1.0, consider restricting access to the "/Wedding-Management/admin/blog events edit.php" API endpoint until a patch is available, and avoid using the `id` variable in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Air Cargo Management System version 1.0 **Description** The issue concerns SQL Injection via the `/acms/admin/cargo types/manage cargo type.php?id=` endpoint. This allows for potential manipulation of database queries using the `id` parameter. **Recommendations** For Air Cargo Management System version 1.0, as a temporary workaround, consider restricting access to the `/acms/admin/cargo types/manage cargo type.php` endpoint until a patch is available. Avoid using the `id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Air Cargo Management System version 1.0 **Description** The issue concerns SQL Injection, which can be exploited via the "/acms/admin/cargo types/view cargo type.php" endpoint, specifically through the `id` variable. This allows for potential unauthorized access and manipulation of data. **Recommendations** For Air Cargo Management System version 1.0, as a temporary workaround, consider restricting access to the "/acms/admin/cargo types/view cargo type.php" endpoint until a patch is available. Avoid using the `id` variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.