Keopssgroup0Day

**Name of the Vulnerable Software and Affected Versions** e-Learning PHP Script version 0.1.0 **Description** The software contains a SQL injection issue in the search functionality. Attackers can manipulate database queries through unvalidated user input. Specifically, malicious SQL code can be injected through the `search` parameter to potentially extract, modify, or access sensitive database information. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `search` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Phpscript-sgh version 0.1.0 **Description** The software contains a time-based blind SQL injection issue in the admin interface. Attackers can manipulate database queries through the `id` parameter. Exploitation involves crafting malicious payloads that cause time delays, allowing extraction of sensitive database information using conditional sleep techniques. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.