Liuzhouyang

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hotel and Lodge Management System version 1.0 **Description** A flaw exists in SourceCodester Hotel and Lodge Management System 1.0, specifically within the /pages/save tax.php file. Manipulation of the `percentage` argument can result in a SQL injection. This issue is potentially exploitable remotely, and details about the exploit have been publicly disclosed. **Recommendations** Apply any available updates or patches for SourceCodester Hotel and Lodge Management System version 1.0. As a temporary workaround, restrict access to the /pages/save tax.php file. Sanitize the `percentage` argument before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hotel and Lodge Management System version 1.0 **Description** A flaw exists in SourceCodester Hotel and Lodge Management System 1.0. The issue involves SQL injection, potentially exploitable remotely, stemming from manipulation of the `currcode` argument within an unknown function of the `/pages/save curr.php` file. The exploit for this issue has been published. **Recommendations** Apply a fix for the SQL injection issue in the `/pages/save curr.php` file. Restrict access to the `/pages/save curr.php` file until a fix is available. Sanitize the `currcode` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hotel and Lodge Management System version 1.0 **Description** A SQL injection issue exists in SourceCodester Hotel and Lodge Management System 1.0. The issue is located in the `/del curr.php` file. Manipulation of the `ID` parameter can lead to SQL injection. The attack can be performed remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hotel and Lodge Management System version 1.0 **Description** A flaw exists in SourceCodester Hotel and Lodge Management System 1.0 related to the `/del booking.php` file. Manipulation of the `ID` argument can lead to a SQL injection. This issue can be exploited remotely. The exploit has been made public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Learning Management System Project In PHP With Source Code version 1.0 **Description** The issue allows attackers to execute arbitrary SQL commands via the `id` parameter in the processscore.php file. This can lead to unauthorized access and manipulation of database content. **Recommendations** For Learning Management System Project In PHP With Source Code version 1.0, consider restricting access to the processscore.php file and avoid using the `id` parameter in this context until a patch is available. As a temporary workaround, restrict access to the vulnerable processscore.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Itsourcecode Online Discussion Forum Project in PHP with Source Code version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `email` parameter in the "login.php" file. **Recommendations** For Itsourcecode Online Discussion Forum Project in PHP with Source Code version 1.0, consider restricting access to the "login.php" file until a patch is available. As a temporary workaround, avoid using the `email` parameter in the login functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Itsourcecode Billing System version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` parameter in the "process.php" file. **Recommendations** For Itsourcecode Billing System version 1.0, consider restricting access to the "process.php" file until a patch is available. As a temporary workaround, avoid using the `username` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Itsourcecode Payroll Management System Project In PHP With Source Code version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the view payslip.php file. This enables attackers to manipulate the database by injecting malicious SQL code. **Recommendations** For Itsourcecode Payroll Management System Project In PHP With Source Code version 1.0, consider restricting access to the view payslip.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected file to minimize the risk of exploitation.