Li Yu

**Name of the Vulnerable Software and Affected Versions** Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System version 1.0 **Description** A vulnerability was found in the system, classified as problematic, allowing files or directories to be accessible. The manipulation can be done remotely, and multiple endpoints are affected. The vendor was contacted about this disclosure but did not respond. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the system until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Warehouse Management System version 1.0 **Description** A problematic vulnerability was found in the SourceCodester Warehouse Management System, affecting the file pengguna.php. The manipulation of the arguments `admin user`, `admin nama`, `admin alamat`, `admin telepon` leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For SourceCodester Warehouse Management System version 1.0, consider disabling the manipulation of the arguments `admin user`, `admin nama`, `admin alamat`, `admin telepon` in the file pengguna.php as a temporary workaround until a patch is available. Restrict access to the pengguna.php file to minimize the risk of exploitation. Avoid using the affected arguments in the system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Warehouse Management System version 1.0 **Description** A vulnerability was found in the SourceCodester Warehouse Management System, affecting an unknown functionality of the file barang.php. The manipulation of the `nama barang/merek` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For SourceCodester Warehouse Management System version 1.0, consider restricting access to the barang.php file until a patch is available. As a temporary workaround, avoid using the `nama barang/merek` argument in the affected functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Warehouse Management System version 1.0 **Description** A problematic issue was found in the SourceCodester Warehouse Management System, affecting some unknown functionality of the file supplier.php. The manipulation of the arguments `nama supplier`, `alamat supplier`, and `notelp supplier` leads to cross-site scripting. The attack may be launched remotely. **Recommendations** For SourceCodester Warehouse Management System version 1.0, consider restricting access to the supplier.php file and the arguments `nama supplier`, `alamat supplier`, and `notelp supplier` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Warehouse Management System version 1.0 **Description** A vulnerability has been found in the SourceCodester Warehouse Management System, affecting the file customer.php. The manipulation of the arguments `nama customer`, `alamat customer`, and `notelp customer` leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Warehouse Management System version 1.0, consider disabling the manipulation of the arguments `nama customer`, `alamat customer`, and `notelp customer` in the customer.php file until a patch is available. Restrict access to the customer.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Prison Management System version 1.0 **Description** A critical issue has been found in the SourceCodester Prison Management System, affecting the file /Employee/delete leave.php. This issue leads to sql injection and can be initiated remotely. The exploit has been disclosed publicly. **Recommendations** For SourceCodester Prison Management System version 1.0, consider restricting access to the /Employee/delete leave.php file until a patch is available. As a temporary workaround, avoid using parameters that may lead to sql injection in this file. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Laundry Management System version 1.0 **Description** A critical issue has been found in the SourceCodester Laundry Management System, affecting the file /karyawan/laporan filter. The manipulation of the `data karyawan` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Laundry Management System version 1.0, consider restricting access to the /karyawan/laporan filter file until a patch is available. As a temporary workaround, avoid using the `data karyawan` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Laundry Management System version 1.0 **Description** A critical issue affects the function `laporan filter` of the file `/application/controller/Pelanggan.php`. The manipulation of the argument `jeniskelamin` leads to sql injection. The attack may be initiated remotely. **Recommendations** For SourceCodester Laundry Management System version 1.0, as a temporary workaround, consider disabling the `laporan filter` function until a patch is available. Restrict access to the `/application/controller/Pelanggan.php` file to minimize the risk of exploitation. Avoid using the argument `jeniskelamin` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Laundry Management System version 1.0 **Description** A critical issue has been found in the SourceCodester Laundry Management System. The `laporan filter` function of the file `/application/controller/Transaki.php` is affected. The manipulation of the `dari/sampai` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Laundry Management System version 1.0, as a temporary workaround, consider disabling the `laporan filter` function until a patch is available. Restrict access to the `/application/controller/Transaki.php` file to minimize the risk of exploitation. Avoid using the `dari/sampai` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Laundry Management System version 1.0 **Description** A critical issue has been found in the SourceCodester Laundry Management System. The `laporan filter` function in the `/application/controller/Pengeluaran.php` file is affected. The manipulation of the `dari/sampai` argument leads to SQL injection. **Recommendations** For SourceCodester Laundry Management System version 1.0, as a temporary workaround, consider disabling the `laporan filter` function until a patch is available. Restrict access to the `/application/controller/Pengeluaran.php` file to minimize the risk of exploitation. Avoid using the `dari/sampai` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Laundry Management System version 1.0 **Description** A vulnerability has been found in the SourceCodester Laundry Management System, classified as problematic. This issue affects unknown code of the file /karyawan/edit. The manipulation of the `karyawan` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For SourceCodester Laundry Management System version 1.0, consider disabling access to the /karyawan/edit file until a patch is available. Restrict the manipulation of the `karyawan` argument to minimize the risk of cross-site scripting exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Prison Management System version 1.0 **Description** A critical issue affects the processing of the file /Admin/login.php, leading to sql injection. The attack may be initiated remotely. **Recommendations** For SourceCodester Prison Management System version 1.0, consider restricting access to the /Admin/login.php file until a patch is available. As a temporary workaround, avoid using parameters that may lead to sql injection in the affected file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Prison Management System version 1.0 **Description** A critical issue has been found, allowing for sql injection through an unknown function of the file /Account/login.php. This can be exploited remotely. The issue has been publicly disclosed and may be used for attacks. **Recommendations** For SourceCodester Prison Management System version 1.0, as a temporary workaround, consider restricting access to the /Account/login.php file until a patch is available. Avoid using this file for login operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Prison Management System version 1.0 **Description** A critical issue has been found in the SourceCodester Prison Management System, affecting an unknown functionality of the file /Admin/edit profile.php. This issue leads to sql injection and can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For SourceCodester Prison Management System version 1.0, consider disabling access to the /Admin/edit profile.php file until a patch is available to prevent sql injection attacks. Restricting remote access to this file can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Prison Management System version 1.0 **Description** A critical issue has been found in the SourceCodester Prison Management System, affecting some unknown functionality of the file /Employee/edit-profile.php. This issue leads to sql injection and can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For SourceCodester Prison Management System version 1.0, consider disabling access to the /Employee/edit-profile.php file until a patch is available. Restricting database access and input validation can also help minimize the risk of sql injection. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Prison Management System version 1.0 **Description** A critical issue was discovered in the Avatar Handler component, specifically affecting the /Admin/edit-photo.php file. The `avatar` argument is vulnerable to manipulation, leading to unrestricted upload. This issue can be exploited remotely. **Recommendations** For SourceCodester Prison Management System version 1.0, consider restricting access to the /Admin/edit-photo.php file and the `avatar` argument to prevent unrestricted upload until a fix is available. As a temporary workaround, disabling the Avatar Handler component may help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Prison Management System version 1.0 **Description** A critical issue affects the Avatar Handler component, specifically the file /Admin/add-admin.php. The manipulation of the `avatar` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For SourceCodester Prison Management System version 1.0, consider disabling the Avatar Handler component or restricting access to the /Admin/add-admin.php file until a patch is available. Avoid using the `avatar` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.