K1Nako

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Notes Sharing Platform version 1.0 **Description** A flaw exists in projectworlds Online Notes Sharing Platform that allows for unrestricted file uploads. This issue is related to the manipulation of the `image` argument within the `/dashboard/userprofile.php` file. The attack can be initiated remotely. An exploit for this issue is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best House Rental Management System version 1.0 **Description** A flaw exists in SourceCodester Best House Rental Management System 1.0 that allows for remote SQL injection. The issue is located within the `login2` function of the `/admin class.php` file. Manipulation of the `Username` argument can lead to a successful exploit. The exploit has been publicly released. **Recommendations** Apply a fix to the `login2` function in the `/admin class.php` file to prevent manipulation of the `Username` argument.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Bidding System version 1.0 **Description** A flaw exists in code-projects Online Bidding System 1.0 that allows for SQL injection. The issue is located in the file '/administrator/index.php' and involves manipulation of the `aduser` argument. This can be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects E-Commerce Website version 1.0 **Description** A flaw exists in code-projects E-Commerce Website 1.0 where manipulation of the `user id` argument in the file '/pages/admin account delete.php' can lead to SQL injection. This issue is remotely exploitable and the exploit is publicly available. **Recommendations** Sanitize or validate the `user id` argument in the '/pages/admin account delete.php' file to prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pet Grooming Management Software version 1.0 **Description** A SQL injection issue exists in SourceCodester Pet Grooming Management Software. The vulnerability is located in the file `/admin/operation/paid.php`. Manipulation of the `insta amt` argument can trigger the SQL injection. The attack can be initiated remotely, and the exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/operation/paid.php` file until a fix is available.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Hotel Reservation System version 1.0 **Description** A critical vulnerability exists in SourceCodester Online Hotel Reservation System 1.0. The issue affects an unknown part of the file `/admin/deletegallery.php` and allows for SQL injection through manipulation of the `ID` argument. The attack can be initiated remotely, and the exploit has been publicly disclosed. **Recommendations** For SourceCodester Online Hotel Reservation System version 1.0, sanitize or validate the `ID` parameter in the `/admin/deletegallery.php` file to prevent SQL injection. As a temporary workaround, restrict access to the `/admin/deletegallery.php` file.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Hotel Reservation System version 1.0 **Description** A critical vulnerability exists in SourceCodester Online Hotel Reservation System. The vulnerability is due to SQL injection in the `/admin/deleteroom.php` file, specifically through manipulation of the `ID` argument. This allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/deleteroom.php` file until a fix is available.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Attendance and Payroll System version 1.0 **Description** A critical issue was found in the system, affecting the file /admin/overtime row.php. The manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Attendance and Payroll System version 1.0, consider restricting access to the /admin/overtime row.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Hotel Reservation System version 1.0 **Description** A critical issue was found in the function upload of the file /admin/mod room/controller.php?action=add. The manipulation of the `image` argument leads to unrestricted upload. The attack can be launched remotely. **Recommendations** For SourceCodester Online Hotel Reservation System version 1.0, consider disabling the upload function in the /admin/mod room/controller.php?action=add file until a patch is available. Restrict access to the `image` argument to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Hotel Reservation System version 1.0 **Description** A critical issue has been found in the system, affecting the function doCancelRoom/doCancel/doConfirm/doCancel/doCheckin/doCheckout of the file /marimar/admin/mod room/controller.php. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Online Hotel Reservation System version 1.0, as a temporary workaround, consider restricting access to the affected function doCancelRoom/doCancel/doConfirm/doCancel/doCheckin/doCheckout until a patch is available. Avoid using the `id` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Hotel Reservation System version 1.0 **Description** A critical issue has been found in the function upload of the file /guest/update.php, where the manipulation of the `image` argument leads to unrestricted upload. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Online Hotel Reservation System version 1.0, consider disabling the upload function in /guest/update.php to prevent unrestricted file uploads until a patch is available. Restrict access to the /guest/update.php file to minimize the risk of exploitation. Avoid using the `image` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Attendance and Payroll System version 1.0 **Description** A critical issue has been found in the upload function of the file /marimar/guest/update.php, allowing unrestricted upload through the manipulation of the `image` argument. This can be initiated remotely. The exploit has been publicly disclosed and may be used. **Recommendations** For SourceCodester Attendance and Payroll System version 1.0, consider disabling the upload function in /marimar/guest/update.php to prevent unrestricted file uploads until a patch is available. Restrict access to the `image` argument in the update.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Attendance and Payroll System version 1.0 **Description** A critical issue has been found in the system, affecting the processing of the file /admin/overtime add.php. The manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Attendance and Payroll System version 1.0, consider restricting access to the /admin/overtime add.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Petrol Pump Management Software version 1.0 **Description** A critical issue was found in the software, affecting the /admin/edit customer.php file. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Petrol Pump Management Software version 1.0, consider restricting access to the /admin/edit customer.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Petrol Pump Management Software version 1.0 **Description** A critical issue has been found in the software, affecting some unknown functionality of the file /admin/edit fuel.php. The manipulation of the `id` argument leads to sql injection. The attack may be launched remotely. **Recommendations** For SourceCodester Petrol Pump Management Software version 1.0, consider restricting access to the /admin/edit fuel.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Petrol Pump Management Software version 1.0 **Description** A critical issue was found in the software, affecting an unknown functionality of the file /admin/print.php. The manipulation of the `id` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For SourceCodester Petrol Pump Management Software version 1.0, as a temporary workaround, consider restricting access to the /admin/print.php file until a patch is available. Avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Petrol Pump Management Software version 1.0 **Description** A critical issue has been found in the software, affecting some unknown functionality of the file /admin/ajax product.php. The manipulation of the `drop services` argument leads to sql injection. The attack may be launched remotely. **Recommendations** For SourceCodester Petrol Pump Management Software version 1.0, consider restricting access to the /admin/ajax product.php file until a patch is available. As a temporary workaround, avoid using the `drop services` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Petrol Pump Management Software version 1.0 **Description** A critical issue has been found in the software, affecting some unknown functionality of the file /admin/invoice.php. The manipulation of the `id` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For SourceCodester Petrol Pump Management Software version 1.0, consider restricting access to the /admin/invoice.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.