Maloy Roy Orko

**Name of the Vulnerable Software and Affected Versions** s-a-zhd Ecommerce-Website-using-PHP version 1.0 **Description** A critical issue has been found in the software, affecting some unknown functionality of the file /shop.php. The manipulation of the `p cat` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For version 1.0, consider restricting access to the /shop.php file until a fix is available. As a temporary workaround, avoid using the `p cat` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** s-a-zhd Ecommerce-Website-using-PHP version 1.0 **Description** A critical issue was found in the software, affecting some unknown functionality of the file /customer register.php. The manipulation of the `name` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For version 1.0, consider restricting access to the /customer register.php file until a fix is available, and avoid using the `name` argument in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ecommerce-Website-using-PHP version 1.0 **Description** A critical issue has been found, affecting an unknown part of the file details.php. The manipulation of the `pro id` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For Ecommerce-Website-using-PHP version 1.0, consider restricting access to the `details.php` file until a patch is available. As a temporary workaround, avoid using the `pro id` argument in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: needyamin Library Card System version 1.0 Description: A critical vulnerability was found in the needyamin Library Card System, affecting an unknown functionality of the file /signup.php of the component Add Picture. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For needyamin Library Card System version 1.0, as a temporary workaround, consider disabling the file /signup.php of the component Add Picture until a patch is available. Restrict access to the Add Picture component to minimize the risk of exploitation. Avoid using the /signup.php file in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: needyamin Library Card System version 1.0 Description: A critical issue affects some unknown functionality of the file card.php. The manipulation of the `id` argument leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For needyamin Library Card System version 1.0, as a temporary workaround, consider restricting access to the `card.php` file until a patch is available. Avoid using the `id` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** needyamin Library Card System version 1.0 **Description** A critical issue affects the processing of the file admin.php of the component Login in needyamin Library Card System. The manipulation of the `email` or `password` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For needyamin Library Card System version 1.0, as a temporary workaround, consider restricting access to the `admin.php` file of the Login component until a patch is available. Avoid using the `email` and `password` arguments in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** needyamin Library Card System version 1.0 **Description** A critical issue has been identified in the Admin Panel component, specifically in the admindashboard.php file, where an unknown function is affected. The manipulation of the `email` and `password` arguments leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. **Recommendations** needyamin Library Card System version 1.0: Update the admindashboard.php file to prevent SQL injection by properly sanitizing the `email` and `password` arguments. As a temporary workaround, consider restricting access to the Admin Panel component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** needyamin Library Card System version 1.0 **Description** A problem was found in the needyamin Library Card System. It affects an unknown functionality of the file signup.php of the component Registration Page. The manipulation of the arguments `firstname`, `lastname`, `email`, `borrow`, `user address` leads to cross site scripting. The attack can be launched remotely. Other parameters might be affected as well. **Recommendations** needyamin Library Card System version 1.0: Update the signup.php file in the Registration Page component to prevent the manipulation of the `firstname`, `lastname`, `email`, `borrow`, `user address` arguments, which lead to cross site scripting.

**Name of the Vulnerable Software and Affected Versions** needyamin image gallery version 1.0 **Description** A problematic issue has been found in the image gallery function of the file /view.php. The manipulation of the `username` argument leads to cross site scripting. It is possible to initiate the attack remotely. The issue has been disclosed to the public and the vendor was contacted but did not respond. **Recommendations** needyamin image gallery version 1.0: Update the image gallery function in /view.php to properly sanitize the `username` argument and prevent cross site scripting attacks.

**Name of the Vulnerable Software and Affected Versions** needyamin image gallery version 1.0 **Description** A critical issue was found in the Cover Image Handler component of the file /admin/gallery.php, allowing for unrestricted upload through the manipulation of the `image` argument. This can be initiated remotely. The issue has been publicly disclosed, and the vendor was contacted but did not respond. **Recommendations** needyamin image gallery version 1.0: Avoid using the Cover Image Handler component until a fix is provided by the vendor, and consider implementing alternative security measures to prevent unrestricted uploads.

**Name of the Vulnerable Software and Affected Versions** kurniaramadhan E-Commerce-PHP version 1.0 **Description** A critical issue affects an unknown functionality of the file /blog-details.php. The manipulation of the `blog id` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For kurniaramadhan E-Commerce-PHP version 1.0, as a temporary workaround, consider disabling the functionality related to the /blog-details.php file until a patch is available. Restrict access to the `blog id` argument to minimize the risk of exploitation. Avoid using the `blog id` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kurniaramadhan E-Commerce-PHP version 1.0 **Description** A problem was found in the Create Product Page component, specifically in the /admin/create product.php file. The issue is related to the manipulation of the `Name` argument, which leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For kurniaramadhan E-Commerce-PHP version 1.0, as a temporary workaround, consider restricting access to the /admin/create product.php file until a patch is available. Avoid using the `Name` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.