Laowuzi

**Name of the Vulnerable Software and Affected Versions** Codezips Technical Discussion Forum version 1.0 **Description** A critical issue affects some unknown functionality of the file signinpost.php. The manipulation of the `username` argument leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Codezips Technical Discussion Forum version 1.0, as a temporary workaround, consider restricting access to the signinpost.php file or disabling the functionality that manipulates the `username` argument until a patch is available. Avoid using the `username` argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Codezips E-Commerce Site version 1.0 **Description** A critical issue has been found in the signin.php file, affecting unknown processes. The manipulation of the `email` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Codezips E-Commerce Site version 1.0, as a temporary workaround, consider restricting access to the signin.php file or disabling the manipulation of the `email` argument until a patch is available. Avoid using the `email` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Codezips E-Commerce Site version 1.0 **Description** A critical issue has been found in the newadmin.php file, affecting an unknown functionality. The manipulation of the `email` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been made public. **Recommendations** For Codezips E-Commerce Site version 1.0, as a temporary workaround, consider restricting access to the newadmin.php file until a patch is available. Avoid using the `email` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Codezips E-Commerce Site version 1.0 **Description** A critical issue was found in Codezips E-Commerce Site, affecting an unknown part of the file /admin/editorder.php. The manipulation of the argument `dstatus/quantity/ddate` leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/editorder.php` file until a patch is available. Avoid using the `dstatus/quantity/ddate` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.