Laney

**Name of the Vulnerable Software and Affected Versions** Campcodes Division Regional Athletic Meet Game Result Matrix System version 2.1 **Description** A weakness exists in the Campcodes Division Regional Athletic Meet Game Result Matrix System. The issue affects unknown code within the `save up athlete.php` file. Manipulation of the `a name` argument leads to cross site scripting. The attack can be initiated remotely, and an exploit is publicly available. **Recommendations** Campcodes Division Regional Athletic Meet Game Result Matrix System version 2.1: Address the manipulation of the `a name` argument in the `save up athlete.php` file to prevent cross site scripting.

**Name of the Vulnerable Software and Affected Versions** Campcodes Division Regional Athletic Meet Game Result Matrix System version 2.1 **Description** A security issue exists in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1, specifically within the `save-games.php` file. Manipulation of the `game name` parameter can lead to cross-site scripting. The attack can be performed remotely. The exploit has been publicly released. The vulnerable component is the `save-games.php` file, and the vulnerable parameter is `game name`. **Recommendations** Versions prior to 2.1 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** campcodes School File Management System version 1.0 **Description** A security issue exists in campcodes School File Management System 1.0. The issue involves unrestricted file upload due to manipulation of the `File` argument within an unknown function of the `/save file.php` file. This can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Cake Ordering System version 1.0 **Description** A SQL injection issue exists in itsourcecode Online Cake Ordering System 1.0. The manipulation of the `ID` argument in the `/detailtransac.php` file can lead to SQL injection. This allows for remote exploitation. The exploit for this issue has been publicly disclosed. **Recommendations** itsourcecode Online Cake Ordering System version 1.0: Address the SQL injection issue by sanitizing the `ID` argument in the `/detailtransac.php` file.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Cake Ordering System version 1.0 **Description** A flaw exists in itsourcecode Online Cake Ordering System version 1.0 that allows for SQL injection. The issue is located in the `/updatecustomer.php?action=edit` file. Manipulation of the `ID` parameter can trigger the injection. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** versions prior to 1.0 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Cake Ordering System version 1.0 **Description** A SQL injection issue exists in itsourcecode Online Cake Ordering System version 1.0. The issue is located in an unknown function within the `/updatesupplier.php?action=edit` file. Manipulation of the `ID` argument can lead to SQL injection. The attack can be initiated remotely. The exploit for this issue has been publicly released. **Recommendations** versions prior to 1.0 should be updated. As a temporary workaround, consider restricting access to the `/updatesupplier.php?action=edit` file until a patch is available. Avoid using the `ID` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: PHPGurukul Men Salon Management System version 1.0 Description: A critical issue was discovered in the system, affecting an unknown part of the /admin/add-services.php file. The manipulation of the `cost` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be used. Recommendations: For PHPGurukul Men Salon Management System version 1.0, consider disabling access to the /admin/add-services.php file until a patch is available. Restrict the manipulation of the `cost` argument to minimize the risk of SQL injection. Avoid using the `cost` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Men Salon Management System version 1.0 **Description** A critical issue was found in the PHPGurukul Men Salon Management System, affecting some unknown functionality of the file /appointment.php. The manipulation of the `Name` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For PHPGurukul Men Salon Management System version 1.0, as a temporary workaround, consider restricting access to the /appointment.php file until a patch is available. Additionally, avoid using the `Name` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.