M0Ker

**Name of the Vulnerable Software and Affected Versions** MuFen-mker PHP-Usermm versions prior to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9 **Description** A SQL injection issue exists in the file `/chkuser.php` due to manipulation of the `Username` argument. This allows for remote attacks. The exploit is publicly available. The software uses a rolling release model, and specific version information for affected or updated releases is not available. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JackieDYH Resume-management-system versions prior to fb6b857d852dd796e748ce30c606fe5e61c18273 **Description** A flaw exists in JackieDYH Resume-management-system that allows for SQL injection through manipulation of the `userid` argument in the /admin/show.php file. This manipulation can be initiated remotely. The product uses a rolling release model, and specific version information for affected or updated releases is not available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kidaze CourseSelectionSystem (affected versions not specified) **Description** A vulnerability exists in kidaze CourseSelectionSystem related to SQL injection. Manipulation of the `Branch` argument in an unknown function within the `/Profilers/PriProfile/eligibility.php` file can lead to a successful attack. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 1000projects Beauty Parlour Management System version 1.0 **Description** A security issue has been identified in 1000projects Beauty Parlour Management System version 1.0. The vulnerability allows for SQL injection through manipulation of the `mobnumber` argument in the `/admin/contact-us.php` file. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/contact-us.php` file to minimize the risk of exploitation. Sanitize the `mobnumber` input to prevent SQL injection attacks.