L0Ners

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A weakness has been identified in Campcodes Online Loan Management System 1.0. This impacts an unknown function of the file `/ajax.php?action=save payment`. Manipulation of the `loan id` parameter can lead to SQL injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. Recommendations: As a temporary workaround, consider restricting access to the `/ajax.php?action=save payment` file until a fix is available. Avoid using the `loan id` parameter in the affected API endpoint `/ajax.php?action=save payment` until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Campcodes Online Water Billing System version 1.0 Description: A vulnerability exists in Campcodes Online Water Billing System that allows for SQL injection. The issue affects an unknown function within the `/addclient1.php` file. Manipulation of the `lname` argument can lead to exploitation. The attack can be launched remotely, and the exploit has been publicly disclosed. Other parameters may also be affected. Recommendations: As a temporary workaround, consider restricting access to the `/addclient1.php` file until a fix is available. Sanitize the `lname` argument to prevent SQL injection attacks. Review and sanitize all other parameters used in the `/addclient1.php` file to identify and address potential vulnerabilities.

Name of the Vulnerable Software and Affected Versions: Campcodes Payroll Management System version 1.0 Description: A critical issue exists in Campcodes Payroll Management System. The manipulation of the `ID` argument in an unknown function of the file `/ajax.php?action=delete allowances` leads to a SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** Campcodes Payroll Management System version 1.0 **Description:** A critical vulnerability exists in Campcodes Payroll Management System. The vulnerability affects an unknown functionality of the `/ajax.php?action=save deductions` file. Manipulation of the `ID` argument results in a SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations:** Campcodes Payroll Management System version 1.0: Address the SQL injection vulnerability by sanitizing or validating the `ID` argument in the `/ajax.php?action=save deductions` file.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul COVID19 Testing Management System version 1.0 **Description** A critical issue has been found in the PHPGurukul COVID19 Testing Management System. The problem affects an unknown function of the file /new-user-testing.php. Manipulation of the `mobilenumber` argument leads to SQL injection. It is possible to launch the attack remotely. Other parameters might also be affected. **Recommendations** For PHPGurukul COVID19 Testing Management System version 1.0, consider disabling the `mobilenumber` argument in the /new-user-testing.php file as a temporary workaround until a patch is available. Restrict access to the /new-user-testing.php file to minimize the risk of exploitation. Avoid using the `mobilenumber` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul COVID19 Testing Management System version 1.0 **Description** A critical vulnerability has been found in the PHPGurukul COVID19 Testing Management System. This issue affects unknown code of the file `/edit-phlebotomist.php?pid=11`. The manipulation of the argument `mobilenumber` leads to SQL injection. The attack can be initiated remotely. Other parameters might also be affected. **Recommendations** As a temporary workaround, consider disabling the `/edit-phlebotomist.php` endpoint until a patch is available. Restrict access to the `mobilenumber` argument in the affected API endpoint to minimize the risk of exploitation. Avoid using the `mobilenumber` parameter in the `/edit-phlebotomist.php` endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul COVID19 Testing Management System version 1.0 **Description** A critical vulnerability was found in PHPGurukul COVID19 Testing Management System. The issue affects an unknown functionality of the file /add-phlebotomist.php. The manipulation of the `empid` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the /add-phlebotomist.php file until a patch is available. Restrict access to the `empid` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul COVID19 Testing Management System version 1.0 **Description** A critical vulnerability has been found in the PHPGurukul COVID19 Testing Management System. The issue affects some unknown functionality of the file /bwdates-report-result.php. The manipulation of the `todate` argument leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. **Recommendations** As a temporary workaround, consider restricting access to the /bwdates-report-result.php file until a patch is available. Avoid using the `todate` argument in the affected file until the issue is resolved. Restrict access to the vulnerable functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul COVID19 Testing Management System version 1.0 **Description** A critical issue was found in the PHPGurukul COVID19 Testing Management System. This issue affects an unknown part of the file /check availability.php. The manipulation of the `mobnumber` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For PHPGurukul COVID19 Testing Management System version 1.0, consider restricting access to the /check availability.php file until a patch is available. As a temporary workaround, avoid using the `mobnumber` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MaxSite CMS version 107.5 Description: A Remote Code Execution (RCE) issue exists via the Documents page, allowing for potential code execution. Recommendations: For MaxSite CMS version 107.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Pluck version 4.7.15 Description: A remote command execution issue exists in the admin background when uploading files. Recommendations: For Pluck version 4.7.15, update to a version that fixes the remote command execution vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.