Liu Lanling

**Name of the Vulnerable Software and Affected Versions** SourceCodester Patient Appointment Scheduler System version 1.0 **Description** SQL Injection is possible in the file '/scheduler/admin/user/manage user.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Storage Unit Rental Management System version 1.0 **Description** SQL injection is possible in the file '/storage/admin/tenants/view details.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Storage Unit Rental Management System version 1.0 **Description** An issue exists in the file '/storage/admin/maintenance/manage pricing.php' that allows for SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. **Recommendations** As a temporary workaround, restrict access to the file '/storage/admin/maintenance/manage pricing.php' to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Employees Work From Home Attendance System version 1.0 **Description** SQL Injection is possible in the file '/wfh attendance/admin/view att.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Patient Appointment Scheduler System version 1.0 **Description** SQL Injection is possible in the file '/scheduler/admin/appointments/view details.php'. SQL Injection is a type of flaw that allows an attacker to interfere with the queries that an application makes to its database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Storage Unit Rental Management System version 1.0 **Description** SQL Injection is possible in the file '/storage/admin/rents/manage rent.php'. **Recommendations** As a temporary workaround, restrict access to the file '/storage/admin/rents/manage rent.php' to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Pharmacy Point of Sale System version 1.0 **Description** The Sourcecodester Pharmacy Point of Sale System version 1.0 is susceptible to SQL Injection. This issue affects the `/pharmacy/manage stock.php` endpoint. Successful exploitation could allow an attacker to manipulate database queries. The vulnerable parameter is not specified. **Recommendations** Apply any available updates or patches to address the SQL Injection issue in the `/pharmacy/manage stock.php` endpoint. As a temporary workaround, consider restricting access to the `/pharmacy/manage stock.php` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Logistic Hub Parcel's Management System version 1.0 **Description** The software is susceptible to SQL Injection. The issue is present in the `/manage parcel type.php` file. The `manage parcel type.php` script does not properly sanitize user-supplied input, allowing attackers to inject malicious SQL code. This could potentially allow an attacker to access, modify, or delete data from the database. **Recommendations** Apply appropriate input validation and sanitization techniques to all user-supplied data used in SQL queries within the `/manage parcel type.php` file.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Logistic Hub Parcel's Management System version 1.0 **Description** The software is susceptible to SQL injection through the `/manage carrier.php` endpoint. The vulnerability exists due to insufficient input validation when handling requests to this endpoint. The vulnerable parameter is not specified. **Recommendations** Apply input validation and sanitization techniques to all user-supplied data before using it in SQL queries related to the `/manage carrier.php` endpoint.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Pharmacy Point of Sale System version 1.0 **Description** The software is susceptible to a SQL Injection issue. The vulnerability is located in the `/pharmacy/manage product.php` file. The `manage product.php` script does not properly sanitize user-supplied input, allowing an attacker to inject malicious SQL code. The vulnerable parameter is not specified. This could allow an attacker to potentially access, modify, or delete data within the database. **Recommendations** Apply input validation and sanitization techniques to all user-supplied data used in SQL queries within the `/pharmacy/manage product.php` file.