Mahushuai

**Name of the Vulnerable Software and Affected Versions** Iqbolshoh php-business-website (affected versions not specified) **Description** A security issue exists that allows for unrestricted file upload. The issue affects an unknown part of the `/admin/about.php` file and can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Iqbolshoh php-business-website versions prior to 10677743a8dfc281f85291a27cf63a0bce043c24 **Description** A cross-site scripting issue exists in Iqbolshoh php-business-website. The issue is located in the `admin/contact.php` file, where manipulation of the `twitter` argument can trigger the flaw. The attack can be initiated remotely. The exploit has been published. The product uses a rolling release model, making specific version information for updates unavailable. Other parameters may also be affected. The vendor was contacted but did not respond. **Recommendations** Update to a version prior to 10677743a8dfc281f85291a27cf63a0bce043c24.

**Name of the Vulnerable Software and Affected Versions** yousaf530 Inferno Online Clothing Store versions prior to 827dd42bfbe380e8de76fdc67958c24cf1246208 **Description** A SQL injection issue exists in yousaf530 Inferno Online Clothing Store. The issue is due to improper handling of user-supplied input in an unknown function within the `/log.php` file. Manipulation of the `cemail` or `password` parameters allows an attacker to inject malicious SQL code into database queries. This could lead to unauthorized data access or modification. The exploit is publicly available. **Recommendations** Update yousaf530 Inferno Online Clothing Store to a version prior to 827dd42bfbe380e8de76fdc67958c24cf1246208. As a temporary workaround, restrict access to the `/log.php` file to minimize the risk of exploitation. Avoid using the `cemail` and `password` parameters in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** jimit105 Project-Online-Shopping-Website versions up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64 **Description** A flaw exists in the Product Inventory Handler component of jimit105 Project-Online-Shopping-Website. The issue involves a SQL injection that occurs through manipulation of the `product code` argument in the `/delete.php` file. This allows for remote exploitation. The exploit has been published. The product utilizes a rolling release model, and no specific version details for affected or updated releases are available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nahiduddinahammed Hospital-Management-System-Website versions prior to e6562429e14b2f88bd2139cae16e87b965024097 **Description** A SQL injection issue exists in the /delete.php file processing of the `ai` argument. This manipulation can be initiated remotely. The exploit is publicly available. The product uses a rolling release model, and the vendor did not respond to early disclosure attempts. **Recommendations** Update to a version prior to e6562429e14b2f88bd2139cae16e87b965024097.

**Name of the Vulnerable Software and Affected Versions** langleyfcu Online Banking System versions prior to 57437e6400ce0ae240e692c24e6346b8d0c17d7a **Description** A security issue exists in the langleyfcu Online Banking System. The manipulation of the `First Name` argument in the `/customer add action.php` file, within the Add Customer Page component, can lead to cross site scripting. The exploitation of this issue is possible remotely. The exploit is publicly available. **Recommendations** Apply updates to versions prior to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. Avoid using the `First Name` argument in the `/customer add action.php` file until the issue is resolved.