Maloyroyorko

**Name of the Vulnerable Software and Affected Versions** Tasin1025 SwiftBuy versions prior to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7 **Description** A security flaw exists in Tasin1025 SwiftBuy. The issue involves improper restriction of excessive authentication attempts within an unknown functionality of the `/login.php` file. Remote exploitation is possible, though considered difficult. The exploit has been publicly released. The product utilizes a rolling release model, and the vendor did not respond to early disclosure attempts. **Recommendations** Update to version 0f5011372e8d1d7edfd642d57d721c9fadc54ec7 or later.

**Name of the Vulnerable Software and Affected Versions** ScriptAndTools Real Estate Management System version 1.0 **Description** A security issue has been identified in ScriptAndTools Real Estate Management System 1.0. The vulnerability involves an unknown function within the `/admin/userlist.php` file, leading to execution after redirect. This manipulation can be executed remotely. The exploit for this issue has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/userlist.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ScriptAndTools Real Estate Management System version 1.0 **Description** A weakness has been identified in an unknown function of the `register.php` file, allowing for unrestricted file upload through manipulation of the `uimage` argument. Remote exploitation is possible, and the exploit has been made publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `register.php` file to minimize the risk of exploitation. Avoid uploading any files through the `uimage` parameter until a fix is available.

**Name of the Vulnerable Software and Affected Versions** shafhasan chatbox versions prior to 156a39cde62f78532c3265a70eda12c70907e56f **Description** A vulnerability exists in shafhasan chatbox due to SQL injection. The issue is located in the `/chat.php` file and affects an unknown function. Manipulation of the `user id` argument can trigger the vulnerability. The attack can be performed remotely. The exploit has been made public. **Recommendations** As a temporary workaround, consider restricting access to the `/chat.php` file until a fix is available. Avoid using the `user id` parameter in the affected file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: ScriptAndTools Real Estate Management System version 1.0 Description: A critical issue affects the unknown processing of the file userdelete.php of the component User Delete Handler in ScriptAndTools Real Estate Management System. The manipulation of the argument `ID` leads to authorization bypass. The attack may be initiated remotely. Recommendations: For ScriptAndTools Real Estate Management System version 1.0, consider disabling the `userdelete.php` file or restricting access to the User Delete Handler component until a patch is available. Avoid using the `ID` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ScriptAndTools Real-Estate-website-in-PHP version 1.0 **Description** A critical vulnerability was found in the Admin Login Panel of the ScriptAndTools Real-Estate-website-in-PHP. The manipulation of the `Password` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For ScriptAndTools Real-Estate-website-in-PHP version 1.0, as a temporary workaround, consider disabling the Admin Login Panel until a patch is available. Restrict access to the `/admin/` endpoint to minimize the risk of exploitation. Avoid using the `Password` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ScriptAndTools Online-Travling-System version 1.0 **Description** A critical vulnerability has been found in the software, affecting an unknown function of the file /admin/viewpackage.php. This leads to improper access controls, allowing for remote attacks. The exploit has been disclosed publicly and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ScriptAndTools Online-Travling-System version 1.0 **Description** A critical issue has been found, affecting an unknown part of the file /admin/viewenquiry.php, leading to improper access controls. The manipulation can be initiated remotely. **Recommendations** For ScriptAndTools Online-Travling-System version 1.0, as a temporary workaround, consider restricting access to the /admin/viewenquiry.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ScriptAndTools Online-Travling-System version 1.0 **Description** A critical issue has been identified, affecting the /admin/addadvertisement.php file, which leads to improper access controls. The issue can be exploited remotely. **Recommendations** For ScriptAndTools Online-Travling-System version 1.0, consider restricting access to the /admin/addadvertisement.php file until a fix is available. As a temporary workaround, review and strengthen access controls to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ScriptAndTools Online-Travling-System version 1.0 **Description** A critical issue affects the processing of the file `/admin/addpackage.php`, leading to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This issue allows for unauthenticated remote access. **Recommendations** For ScriptAndTools Online-Travling-System version 1.0, consider restricting access to the `/admin/addpackage.php` file until a patch is available. As a temporary workaround, limit remote access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ScriptAndTools eCommerce-website-in-PHP version 3.0 **Description** A vulnerability was found in the processing of the file `/admin/subscriber-csv.php`, which can lead to information disclosure. The attack may be initiated remotely. **Recommendations** For version 3.0, consider restricting access to the `/admin/subscriber-csv.php` file until a fix is available. As a temporary workaround, avoid using the file for sensitive operations to minimize the risk of information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ScriptAndTools eCommerce-website-in-PHP version 3.0 **Description** A problematic issue has been identified in the software. The issue involves improper restriction of excessive authentication attempts, potentially allowing remote attacks. The complexity of exploiting this issue is considered high, and exploitability is difficult. The exploit has been publicly disclosed, and the vendor was notified but did not respond. The vulnerability affects an unknown function within the `/login.php` file. **Recommendations** ScriptAndTools eCommerce-website-in-PHP version 3.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ScriptAndTools eCommerce-website-in-PHP version 3.0 **Description** A problematic issue has been identified in ScriptAndTools eCommerce-website-in-PHP. The issue affects some unknown functionality and allows for cross-site request forgery (CSRF). This manipulation can be initiated remotely, and the exploit is publicly available. Multiple endpoints are affected. The vendor was informed of this disclosure but did not respond. **Recommendations** For ScriptAndTools eCommerce-website-in-PHP version 3.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ScriptAndTools eCommerce-website-in-PHP version 3.0 **Description** A problematic vulnerability exists due to improper restriction of excessive authentication attempts. This issue affects an unknown functionality within the `/admin/login.php` file and can be exploited remotely. The complexity of the attack is considered high, and exploitation appears to be difficult. The vulnerability has been publicly disclosed and is actively exploited. The vendor was notified but did not respond. **Recommendations** ScriptAndTools eCommerce-website-in-PHP version 3.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tutorials-Website Employee Management System version 1.0 Description: A vulnerability was found in the Tutorials-Website Employee Management System, affecting an unknown part of the file `/admin/update-user.php`. The manipulation of the `ID` argument leads to improper authorization, allowing for remote attacks. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: As a temporary workaround, consider restricting access to the `/admin/update-user.php` file until a patch is available. Avoid using the `ID` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tutorials-Website Employee Management System version 1.0 Description: A critical issue was found in the Tutorials-Website Employee Management System, affecting some unknown functionality of the file /admin/delete-user.php. The manipulation of the `ID` argument leads to improper authorization, and the attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond. Recommendations: As a temporary workaround, consider restricting access to the /admin/delete-user.php file until a patch is available. Avoid using the `ID` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Nababur Simple-User-Management-System version 1.0 Description: A vulnerability was found in the file /register.php, where the manipulation of the `name/username` argument leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: As a temporary workaround, consider disabling the functionality related to the `name/username` argument in the /register.php file until a patch is available. Restrict access to the /register.php file to minimize the risk of exploitation. Avoid using the `name/username` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ecommerce-Website-using-PHP version 1.0 **Description** A critical issue has been found, affecting an unknown part of the file details.php. The manipulation of the `pro id` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For Ecommerce-Website-using-PHP version 1.0, consider restricting access to the `details.php` file until a patch is available. As a temporary workaround, avoid using the `pro id` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** s-a-zhd Ecommerce-Website-using-PHP version 1.0 **Description** A critical issue was found in the software, affecting some unknown functionality of the file /customer register.php. The manipulation of the `name` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For version 1.0, consider restricting access to the /customer register.php file until a fix is available, and avoid using the `name` argument in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** s-a-zhd Ecommerce-Website-using-PHP version 1.0 **Description** A critical issue has been found in the software, affecting some unknown functionality of the file /shop.php. The manipulation of the `p cat` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For version 1.0, consider restricting access to the /shop.php file until a fix is available. As a temporary workaround, avoid using the `p cat` argument in the affected file to minimize the risk of exploitation.