M00N_L33

**Name of the Vulnerable Software and Affected Versions** SourceCodester Food Ordering Management System version 1.0 **Description** A security issue exists in SourceCodester Food Ordering Management System 1.0. The vulnerability is due to SQL injection in an unknown function of the file `/routers/ticket-message.php`. Manipulation of the `ticket id` argument can lead to SQL injection. The exploit has been publicly disclosed and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/routers/ticket-message.php` file until a fix is available. Sanitize the `ticket id` argument to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Food Ordering Management System version 1.0 **Description** A security issue exists in SourceCodester Food Ordering Management System 1.0. Manipulation of the `phone` argument in an unknown function within the `/routers/register-router.php` file can lead to SQL injection. This issue may be exploited remotely. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting or sanitizing the `phone` parameter in the `/routers/register-router.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Campcodes/SourceCodester Courier Management System version 1.0 **Description** A SQL injection issue exists in the `Login` function of the `/ajax.php` file. Manipulation of the `email` argument can lead to SQL injection. The issue is remotely exploitable and has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/ajax.php` file until a fix is available. Sanitize the `email` input parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Campcodes/SourceCodester Courier Management System version 1.0 **Description** A security flaw has been discovered in the `Signup` function of the `/ajax.php` file, which results in SQL injection. Manipulation of the `lastname` argument can initiate the attack remotely. The exploit has been released to the public and may be exploited. **Recommendations** As a temporary workaround, consider restricting access to the `/ajax.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Shopping System version 1.0 **Description** A SQL injection issue exists in Campcodes Online Shopping System 1.0. The issue is located in the `/product.php` file, where manipulation of the `p` argument can lead to SQL injection. The attack can be initiated remotely. The exploit has been made public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Shopping System version 1.0 **Description** A SQL injection issue exists in Campcodes Online Shopping System version 1.0. The issue is located in the `/login.php` file, affecting an unknown function. Manipulation of the `Password` argument can lead to successful exploitation. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/login.php` file until a fix is available.

Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Information System version 1.0 Description: A vulnerability exists in SourceCodester Human Resource Information System 1.0, specifically within an unknown functionality of the `/Superadmin Dashboard/process/editemployee process.php` file. Manipulation of the `employee file201` argument allows for unrestricted file uploads. This issue can be exploited remotely. The exploit has been publicly disclosed and may be in use. Recommendations: As a mitigation, restrict access to the `/Superadmin Dashboard/process/editemployee process.php` file. Avoid using the `employee file201` argument in the affected file until a fix is available.

Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Information System version 1.0 Description: A flaw exists in SourceCodester Human Resource Information System 1.0 within an unknown functionality of the `/Admin Dashboard/process/editemployee process.php` file. Manipulation of the `employee file201` argument results in unrestricted upload. The attack can be initiated remotely. The exploit has been published and may be used. Recommendations: Address the unrestricted upload issue in the `/Admin Dashboard/process/editemployee process.php` file. Sanitize or validate the `employee file201` argument to prevent unrestricted file uploads. Restrict access to the `/Admin Dashboard/process/editemployee process.php` file to authorized personnel only.

Name of the Vulnerable Software and Affected Versions: SourceCodester Advanced School Management System version 1.0 Description: A cross-site scripting issue exists in SourceCodester Advanced School Management System 1.0. The issue is located in an unknown function within the `/index.php/notice/addNotice` file. Manipulation of the `noticeSubject` argument can trigger the issue, allowing for remote attacks. The exploit is publicly available. Recommendations: As a temporary workaround, consider restricting or disabling the functionality associated with the `/index.php/notice/addNotice` file until a fix is available.

Name of the Vulnerable Software and Affected Versions: SourceCodester COVID 19 Testing Management System version 1.0 Description: A SQL injection issue exists in the SourceCodester COVID 19 Testing Management System. The `Username` parameter in the `/login.php` API endpoint is susceptible to manipulation, potentially allowing for unauthorized access or data breaches. The exploit for this issue has been publicly disclosed. Recommendations: As a temporary workaround, sanitize the `Username` input to prevent SQL injection attacks. Restrict access to the `/login.php` endpoint to minimize the risk of exploitation.