Lianhaorui

**Name of the Vulnerable Software and Affected Versions** ajayrandhawa User-Management-PHP-MYSQL versions prior to fedcf58797bf2791591606f7b61fdad99ad8bff1 **Description** A flaw exists within the User Management Interface component of the software, specifically concerning file uploads. Manipulation of the `image` argument in the `/admin/edit-user.php` file allows for unrestricted file uploads. This issue can be exploited remotely. The product utilizes a rolling release model, meaning specific affected and updated version details are unavailable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ajayrandhawa User-Management-PHP-MYSQL web (affected versions not specified) **Description** A security flaw exists in ajayrandhawa User-Management-PHP-MYSQL web. The issue involves cross-site request forgery, allowing remote attackers to perform manipulation. The exploit for this issue has been publicly released. The vendor was notified but did not respond. The product uses continuous delivery with rolling releases, and no specific version details for affected or updated releases are available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ashymuzuro Full-Ecommece-Website and Muzuro Ecommerce System versions up to 1.1.0 **Description** A flaw exists in the Add Product Page component of the software, specifically affecting the file `/admin/index.php?add product`. This allows for unrestricted file upload, potentially enabling remote attacks. The exploit has been publicly released, and the vendor was notified but did not respond. **Recommendations** Versions prior to 1.1.0 should be updated. As a temporary workaround, restrict access to the `/admin/index.php?add product` endpoint.

**Name of the Vulnerable Software and Affected Versions** ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website versions prior to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4 **Description** A flaw exists in the Quantity Handler component of the software, specifically in the processing of the `/index.php` file. This results in inadequate validation of the quantity input. The attack can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Update to a version prior to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4.

**Name of the Vulnerable Software and Affected Versions** iPynch Social Network Website versions prior to b6933b6d7f82c84819abe458ccf0e59d61119541 **Description** A security flaw exists in the Search component of iPynch Social Network Website. Manipulation of an unknown function within this component can lead to SQL injection. This issue is potentially exploitable remotely, and an exploit has been publicly released. The product uses a rolling release strategy for continuous delivery. **Recommendations** Update iPynch Social Network Website to a version later than b6933b6d7f82c84819abe458ccf0e59d61119541.

**Name of the Vulnerable Software and Affected Versions** langleyfcu Online Banking System versions prior to 57437e6400ce0ae240e692c24e6346b8d0c17d7a **Description** A cross site scripting issue exists in the Error Message Handler component of langleyfcu Online Banking System. The issue is related to manipulation of the `Error` argument within the `/connection error.php` file. Remote exploitation is possible, and the exploit has been made public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.