L1Nk

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions through 2.5.18 Description: A security vulnerability has been detected in Emlog Pro. The issue affects an unknown function within the `/admin/blogger.php?action=update avatar` file. Manipulation of the `image` argument allows for unrestricted file uploads, and the attack can be executed remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted regarding this disclosure but did not respond. Recommendations: Versions prior to 2.5.18 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions through 2.5.18 Description: A weakness has been identified that allows for unrestricted file upload. This issue affects the processing of the file `/admin/media.php?action=upload&sid=0`. Manipulation of the `File` argument can lead to the vulnerability. The attack can be launched remotely, and an exploit is publicly available. The vendor was contacted regarding this disclosure but did not respond. Recommendations: Versions prior to 2.5.18 are affected. As a temporary workaround, consider restricting access to the `/admin/media.php` file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: 1000 Projects Sales Management System version 1.0 Description: A cross site scripting issue exists due to the manipulation of the `ssalescat` argument in the processing of the `/superstore/admin/sales.php` file. The attack can be initiated remotely and the exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: 1000 Projects Sales Management System version 1.0 Description: A vulnerability exists in an unknown functionality of the file `/superstore/custcmp.php`. Manipulation of the `Username` argument leads to a SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed. Recommendations: For 1000 Projects Sales Management System version 1.0, sanitize or validate the `Username` parameter to prevent SQL injection. As a temporary workaround, consider restricting access to the `/superstore/custcmp.php` file until a fix is available.

**Name of the Vulnerable Software and Affected Versions:** 1000 Projects Sales Management System version 1.0 **Description:** A SQL injection issue exists in 1000 Projects Sales Management System 1.0. The vulnerability affects an unknown functionality within the `/superstore/dist/dordupdate.php` file. Manipulation of the `select2` argument can lead to SQL injection, and the attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. **Recommendations:** Versions prior to 1.0 should be updated. As a temporary workaround, consider restricting access to the `/superstore/dist/dordupdate.php` file until a patch is available.

Name of the Vulnerable Software and Affected Versions: 1000 Projects Sales Management System version 1.0 Description: A vulnerability has been found in an unknown function of the file `/sales.php`. The manipulation of the argument `select2112` leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For 1000 Projects Sales Management System version 1.0, sanitize or properly validate the `select2112` argument to prevent the injection of malicious scripts. As a temporary workaround, consider restricting access to the `/sales.php` file until a patch is available.

Name of the Vulnerable Software and Affected Versions: 1000 Projects Sales Management System version 1.0 Description: A vulnerability exists in 1000 Projects Sales Management System 1.0, affecting unknown code within the `/superstore/admin/sales.php` file. Manipulation of the `ssalescat` parameter results in a SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Attendance Tracking Management System version 1.0 **Description** A critical vulnerability was found in the 1000 Projects Attendance Tracking Management System. This issue affects unknown code of the file /admin/edit action.php. The manipulation of the `attendance id` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling access to the /admin/edit action.php file until a patch is available. As a temporary workaround, restrict the manipulation of the `attendance id` argument to minimize the risk of SQL injection exploitation. Avoid using the `attendance id` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Codezips Gym Management System version 1.0 **Description** A critical vulnerability has been found in Codezips Gym Management System. This affects an unknown part of the file /dashboard/admin/edit mem submit.php. The manipulation of the argument `uid` leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/dashboard/admin/edit mem submit.php` endpoint until a patch is available. Avoid using the `uid` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Wazifa System version 1.0 **Description** A critical issue was found in the code-projects Wazifa System, affecting an unknown part of the file /controllers/logincontrol.php. The manipulation of the `username` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Wazifa System version 1.0, as a temporary workaround, consider restricting access to the `/controllers/logincontrol.php` file or disabling the manipulation of the `username` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.