Lio346

**Name of the Vulnerable Software and Affected Versions** CGI gem versions prior to 0.4.2 **Description** The CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes, leading to excessive resource consumption when parsing extremely large cookies. **Recommendations** For CGI gem versions prior to 0.4.2, update the CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later to resolve the issue. As a temporary workaround, consider restricting the size of cookie values to prevent excessive resource consumption.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Book Shop version 1.0 **Description** A problem has been found in the software, affecting some unknown functionality of the file /booklist.php?subcatid=1. The issue is caused by the manipulation of the `subcatnm` argument, leading to cross site scripting. This can be exploited remotely. **Recommendations** For code-projects Online Book Shop version 1.0, as a temporary workaround, consider restricting access to the `/booklist.php` endpoint or disabling the manipulation of the `subcatnm` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Book Shop version 1.0 **Description** A critical issue has been found in the code-projects Online Book Shop, affecting an unknown part of the /booklist.php file. The manipulation of the `subcatid` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Online Book Shop version 1.0, as a temporary workaround, consider restricting access to the `/booklist.php` file or disabling the manipulation of the `subcatid` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Book Shop version 1.0 **Description** A critical issue has been found in the code-projects Online Book Shop, affecting unknown code in the /detail.php file. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For code-projects Online Book Shop version 1.0, consider restricting access to the /detail.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the /detail.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Book Shop version 1.0 **Description** A critical issue affects the processing of the file /process login.php, where the manipulation of the `usernm` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For code-projects Online Book Shop version 1.0, consider disabling the `/process login.php` file or restricting access to it until a patch is available. Avoid using the `usernm` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Book Shop version 1.0 **Description** A critical issue has been found in the code-projects Online Book Shop. It affects an unknown function of the file /search result.php. The manipulation of the argument `s` leads to SQL injection. This issue can be exploited remotely. **Recommendations** For code-projects Online Book Shop version 1.0, consider disabling the unknown function of the file /search result.php until a patch is available. Restrict access to the /search result.php file to minimize the risk of exploitation. Avoid using the argument `s` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Book Shop version 1.0 **Description** A critical issue was found in the code-projects Online Book Shop, affecting an unknown functionality of the file /subcat.php. The manipulation of the `cat` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For code-projects Online Book Shop version 1.0, consider restricting access to the /subcat.php file until a patch is available. As a temporary workaround, avoid using the `cat` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Book Shop version 1.0 **Description** A problematic issue has been found in the file /subcat.php, where the manipulation of the `catnm` argument leads to cross site scripting. This issue can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For code-projects Online Book Shop version 1.0, consider disabling access to the /subcat.php file or restricting the use of the `catnm` argument until a patch is available. Avoid using the `catnm` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** code-projects Student Management System version 1.0 **Description** A critical issue has been found in the showSubject1 function of the file /config/DbFunction.php. The manipulation of the `sid` argument leads to SQL injection. The attack can be initiated remotely. Other parameters might also be affected. **Recommendations** For code-projects Student Management System version 1.0, as a temporary workaround, consider disabling the `showSubject1` function until a patch is available. Restrict access to the `/config/DbFunction.php` file to minimize the risk of exploitation. Avoid using the `sid` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Shoe Store version 1.0 **Description** A critical issue affects the processing of the file /details.php, where the manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Online Shoe Store version 1.0, as a temporary workaround, consider restricting access to the /details.php file until a patch is available. Avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Shoe Store version 1.0 **Description** A critical vulnerability has been found in the code-projects Online Shoe Store. It affects an unknown function of the file /details2.php. The manipulation of the `id` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Online Shoe Store version 1.0, as a temporary workaround, consider restricting access to the /details2.php file until a patch is available. Avoid using the `id` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Shoe Store version 1.0 **Description** A critical issue has been found in the code-projects Online Shoe Store, affecting an unknown functionality of the file /admin/index.php. This leads to improper access controls, and the attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Online Shoe Store version 1.0, as a temporary workaround, consider restricting access to the /admin/index.php file until a patch is available. Additionally, review the access controls to ensure they are properly configured to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Shoe Store version 1.0 **Description** A critical issue has been found in the code-projects Online Shoe Store, affecting some unknown functionality of the file /function/login.php. The manipulation of the `password` argument leads to SQL injection. The attack may be launched remotely. **Recommendations** For code-projects Online Shoe Store version 1.0, as a temporary workaround, consider disabling the login functionality in the /function/login.php file until a patch is available. Restrict access to the `password` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Shoe Store version 1.0 **Description** A critical vulnerability was found in the code-projects Online Shoe Store. This issue affects an unknown part of the file /summary.php. The manipulation of the `tid` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Online Shoe Store version 1.0, as a temporary workaround, consider restricting access to the /summary.php file until a patch is available. Avoid using the `tid` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Shop version 1.0 **Description** A problem has been found in the code that affects the /view.php file. Manipulating the `name/details` argument leads to cross site scripting attacks. These attacks can be started from a remote location. **Recommendations** For code-projects Online Shop version 1.0, consider disabling access to the /view.php file until a patch is available. As a temporary workaround, avoid using the `name/details` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.