Liyu

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Beauty Parlor Management System version 1.0 **Description** A flaw exists in Campcodes Online Beauty Parlor Management System 1.0 that allows for sql injection. The issue is located in the file `/admin/view-appointment.php` and involves the manipulation of the `viewid` argument. This can be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Beauty Parlor Management System version 1.0 **Description** A security flaw exists in Campcodes Online Beauty Parlor Management System 1.0. The issue involves a SQL injection impacting an unknown functionality within the `/admin/sales-reports-detail.php` file. Manipulation of the `fromdate/todate` argument can trigger the injection. This attack can be launched remotely, and an exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Beauty Parlor Management System version 1.0 **Description** A flaw exists in Campcodes Online Beauty Parlor Management System 1.0, specifically within the file `/admin/add-customer.php`. Manipulation of the `mobilenum` argument can lead to a SQL injection. This issue is exploitable remotely, and details about the exploit are publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Beauty Parlor Management System version 1.0 **Description** A flaw exists in Campcodes Online Beauty Parlor Management System 1.0, specifically within the /admin/add-services.php file. Manipulation of the `sername` argument can result in a SQL injection. This issue is remotely exploitable and has been publicly disclosed. **Recommendations** Apply any available updates to address the vulnerability in the /admin/add-services.php file. As a temporary workaround, sanitize or validate the `sername` argument to prevent SQL injection attacks. Restrict access to the /admin/add-services.php file to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Beauty Parlor Management System version 1.0 **Description** A security issue exists in Campcodes Online Beauty Parlor Management System 1.0. The issue involves potential SQL injection due to manipulation of the `fromdate`/`todate` argument within the file '/admin/bwdates-reports-details.php'. This could allow for remote attacks. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Beauty Parlor Management System version 1.0 **Description** A security flaw exists in Campcodes Online Beauty Parlor Management System. The issue involves SQL injection due to the manipulation of the `editid` argument in the processing of the file '/admin/edit-customer-detailed.php'. This allows for remote attacks. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Food Distributor Site version 1.0 Description: A critical issue has been found in the processing of the file /admin/process login.php. The manipulation of the `username` and `password` arguments leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: For code-projects Food Distributor Site version 1.0, consider disabling the `/admin/process login.php` file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the `username` and `password` arguments in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: code-projects Food Distributor Site version 1.0 Description: A vulnerability was found in the code-projects Food Distributor Site, affecting an unknown function of the file /admin/save settings.php. The manipulation of the argument `site phone`, `site email`, or `address` leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For code-projects Food Distributor Site version 1.0, as a temporary workaround, consider disabling the functionality related to the file /admin/save settings.php until a patch is available. Restrict access to the `site phone`, `site email`, and `address` arguments in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Emlog Pro version 2.2.10 **Description** A vulnerability was found in the file /admin/twitter.php of the component Whisper Page, leading to cross site scripting. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For Emlog Pro version 2.2.10, consider disabling access to the /admin/twitter.php file until a patch is available. Restrict access to the Whisper Page component to minimize the risk of exploitation. Avoid using the affected file in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Emlog Pro version 2.2.10 **Description** A issue was found in the Post Tag Handler component, specifically in the file /admin/tag.php. This leads to cross site scripting, which can be initiated remotely. **Recommendations** For Emlog Pro version 2.2.10, consider disabling access to the /admin/tag.php file until a fix is available. Restrict the use of the Post Tag Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** slowlyo OwlAdmin versions up to 3.5.7 **Description** A problematic issue has been found in slowlyo OwlAdmin, affecting some unknown functionality of the file "/admin-api/upload image" of the component Image File Upload. The manipulation of the argument `file` leads to cross-site scripting. The attack may be launched remotely. **Recommendations** For versions up to 3.5.7, consider disabling the `/admin-api/upload image` endpoint until a patch is available. Restrict access to the Image File Upload component to minimize the risk of exploitation. Avoid using the `file` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** bihell Dice version 3.1.0 **Description** A problem was found in the Comment Handler component, which can be exploited to perform cross-site scripting. This issue can be attacked remotely. **Recommendations** For bihell Dice version 3.1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.