K0Xx11

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Gas Agency Management System version 1.0 **Description** The issue is related to SQL Injection, which can be exploited via the "/gasmark/editbrand.php?id=" endpoint. The `id` variable is vulnerable to injection attacks. **Recommendations** For Sourcecodester Gas Agency Management System version 1.0, consider validating and sanitizing user input for the `id` variable in the "/gasmark/editbrand.php" endpoint to prevent SQL Injection attacks. As a temporary workaround, restrict access to the "/gasmark/editbrand.php" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/librarian/dele.php" API endpoint. **Recommendations** For Library Management System version 1.0, as a temporary workaround, consider restricting access to the "/librarian/dele.php" endpoint until a patch is available. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `RollNo` parameter at the "/librarian/delstu.php" API endpoint. **Recommendations** For Library Management System version 1.0, consider restricting access to the `/librarian/delstu.php` endpoint until a patch is available. As a temporary workaround, avoid using the `RollNo` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `bookId` parameter at the "/librarian/delete.php" API endpoint. **Recommendations** For Library Management System version 1.0, as a temporary workaround, consider restricting access to the "/librarian/delete.php" endpoint or avoiding the use of the `bookId` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `RollNo` parameter at the "/admin/delstu.php" API endpoint. **Recommendations** For Library Management System version 1.0, consider restricting access to the "/admin/delstu.php" endpoint until a patch is available. As a temporary workaround, avoid using the `RollNo` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `bookId` parameter at the "/admin/delete.php" API endpoint. **Recommendations** For Library Management System version 1.0, as a temporary workaround, consider restricting access to the "/admin/delete.php" endpoint until a patch is available. Avoid using the `bookId` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `M Id` parameter at the "/admin/del.php" API endpoint. **Recommendations** For Library Management System version 1.0, consider restricting access to the "/admin/del.php" endpoint until a patch is available. As a temporary workaround, avoid using the `M Id` parameter in the affected API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `Section` parameter at the "/staff/lab.php" API endpoint. **Recommendations** For Library Management System version 1.0, consider restricting access to the `/staff/lab.php` endpoint until a patch is available. As a temporary workaround, avoid using the `Section` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ingredients Stock Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `month` parameter at the "/admin/?page=reports/stockin&month=" endpoint. **Recommendations** For Ingredients Stock Management System version 1.0, as a temporary workaround, consider restricting access to the "/admin/?page=reports/stockin&month=" endpoint until a patch is available. Avoid using the `month` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/staff/edit book details.php" API endpoint. **Recommendations** For Library Management System version 1.0, consider restricting access to the `/staff/edit book details.php` endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ingredients Stock Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/admin/?page=user/manage user&id=" endpoint. **Recommendations** For Ingredients Stock Management System version 1.0, consider restricting access to the "/admin/?page=user/manage user&id=" endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `Section` parameter at the "/librarian/lab.php" API endpoint. **Recommendations** For Library Management System version 1.0, as a temporary workaround, consider restricting access to the "/librarian/lab.php" API endpoint to minimize the risk of exploitation. Avoid using the `Section` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/staff/bookdetails.php" API endpoint. **Recommendations** For Library Management System version 1.0, consider restricting access to the "/staff/bookdetails.php" endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/staff/studentdetails.php" API endpoint. **Recommendations** For Library Management System version 1.0, as a temporary workaround, consider restricting access to the "/staff/studentdetails.php" endpoint or validating and sanitizing the `id` parameter to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ingredients Stock Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `month` parameter at the "/admin/?page=reports/stockout&month=" endpoint. **Recommendations** For Ingredients Stock Management System version 1.0, as a temporary workaround, consider restricting access to the "/admin/?page=reports/stockout&month=" endpoint until a patch is available. Avoid using the `month` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ingredients Stock Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `month` parameter at the "/admin/?page=reports/waste&month=" endpoint. **Recommendations** For Ingredients Stock Management System version 1.0, as a temporary workaround, consider restricting access to the "/admin/?page=reports/waste&month=" endpoint until a patch is available. Avoid using the `month` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ingredients Stock Management System version 1.0 **Description** The issue allows for arbitrary file deletion via the /classes/Master.php component, specifically through the `f` parameter set to `delete img`. **Recommendations** For Ingredients Stock Management System version 1.0, consider restricting access to the /classes/Master.php component, specifically the `delete img` function, until a patch is available. As a temporary workaround, avoid using the `f` parameter set to `delete img` in the affected component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `Id` parameter at the "/student/bookdetails.php" API endpoint. It allows a remote attacker to execute arbitrary SQL queries. **Recommendations** For Library Management System version 1.0, consider restricting access to the "/student/bookdetails.php" endpoint until a patch is available. As a temporary workaround, avoid using the `Id` parameter in the affected API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ingredients Stock Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `Id` parameter at the "/stocks/manage stockout.php" API endpoint. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Ingredients Stock Management System version 1.0, consider restricting access to the "/stocks/manage stockout.php" endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the `Id` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ingredients Stock Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `Id` parameter at the "/stocks/manage waste.php" API endpoint. **Recommendations** For Ingredients Stock Management System version 1.0, consider restricting access to the `/stocks/manage waste.php` endpoint until a patch is available. As a temporary workaround, avoid using the `Id` parameter in this endpoint to minimize the risk of exploitation.