Lingze

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-based Pharmacy Product Management System version 1.0 **Description** A vulnerability was found in the SourceCodester Web-based Pharmacy Product Management System. This issue affects the file add-admin.php and is related to the manipulation of the arguments `txtpassword`, `txtfullname`, and `txtemail`, which leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For version 1.0, consider disabling the `add-admin.php` file or restricting access to it until a patch is available. As a temporary workaround, avoid using the arguments `txtpassword`, `txtfullname`, and `txtemail` in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-based Pharmacy Product Management System version 1.0 **Description** A critical issue was found in the system, affecting an unknown functionality of the file /add-product.php. The manipulation of the `Avatar` argument leads to unrestricted upload. The attack can be launched remotely. **Recommendations** For SourceCodester Web-based Pharmacy Product Management System version 1.0, consider restricting access to the /add-product.php file until a patch is available. As a temporary workaround, avoid using the `Avatar` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-based Pharmacy Product Management System version 1.0 **Description** A critical vulnerability was found in the SourceCodester Web-based Pharmacy Product Management System. This issue affects the file `/edit-product.php` and allows for unrestricted upload through the manipulation of the `Avatar` argument. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Web-based Pharmacy Product Management System version 1.0, consider disabling the file upload functionality in `/edit-product.php` to prevent exploitation until a patch is available. Restrict access to the `Avatar` argument to minimize the risk of unrestricted upload. Avoid using the `Avatar` argument in the `/edit-product.php` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-based Pharmacy Product Management System version 1.0 **Description** A critical issue has been found in the processing of the file `/edit-photo.php`. The manipulation of the argument `Avatar` leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `/edit-photo.php` file until a patch is available. Restrict access to the `Avatar` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-based Pharmacy Product Management System version 1.0 **Description** A critical issue has been found in the Database Backup Handler component, specifically in the file backup.php. The manipulation of the `txtdbname` argument leads to os command injection. This issue can be exploited remotely. **Recommendations** For version 1.0, consider disabling the Database Backup Handler component or restricting access to the backup.php file until a patch is available. Avoid using the `txtdbname` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-based Pharmacy Product Management System version 1.0 **Description** A critical issue has been discovered, affecting the Login Handler component. The manipulation of the `login email` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Web-based Pharmacy Product Management System version 1.0, consider restricting access to the Login Handler component until a fix is available. As a temporary workaround, avoid using the `login email` argument in the affected login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-based Pharmacy Product Management System version 1.0 **Description** A critical issue was found in the system, affecting the file /search/search stock.php. The manipulation of the `Name` argument leads to SQL injection. This issue can be initiated remotely. **Recommendations** For version 1.0, consider restricting access to the /search/search stock.php file until a fix is available. As a temporary workaround, avoid using the `Name` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-based Pharmacy Product Management System version 1.0 **Description** A critical issue has been found in the system, affecting the processing of the file /edit-product.php. The manipulation of the `ID` argument leads to SQL injection. The attack may be initiated remotely. **Recommendations** For SourceCodester Web-based Pharmacy Product Management System version 1.0, consider restricting access to the /edit-product.php file until a patch is available. As a temporary workaround, avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** iSourcecode Library Management System version 1.0 **Description** A critical issue was found in the Search function of the file library management/src/Library Management/Forgot.java. The manipulation of the `txtuname` argument leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the Search function in the affected file until a patch is available. Restrict access to the `library management/src/Library Management/Forgot.java` file to minimize the risk of exploitation. Avoid using the `txtuname` argument in the Search function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.