Microwave

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pharmacy Sales and Inventory System version 1.0 **Description** Cross-site scripting is possible via the `Name` argument within the `Customer()` function of the '/index.php?page=customer' endpoint. This issue allows for remote attacks. **Recommendations** As a temporary workaround, restrict access to the '/index.php?page=customer' endpoint or avoid using the `Name` argument until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pharmacy Sales and Inventory System version 1.0 **Description** A flaw in the `save supplier()` function within the '/ajax.php?action=save supplier' endpoint allows for SQL injection. This occurs through the manipulation of the `ID` argument, enabling remote exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pharmacy Sales and Inventory System version 1.0 **Description** An issue exists in the `delete supplier()` function within the '/ajax.php?action=delete supplier' endpoint. Remote manipulation of the `ID` argument allows for SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. **Recommendations** Update SourceCodester Pharmacy Sales and Inventory System version 1.0 to a patched version. As a temporary workaround, restrict access to the '/ajax.php?action=delete supplier' endpoint or avoid using the `ID` parameter until a fix is applied.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Frozen Foods Ordering System version 1.0 **Description** A weakness exists in itsourcecode Online Frozen Foods Ordering System 1.0. The issue is located in an unknown part of the file `/admin/admin edit employee.php`. Manipulation of the `First Name` argument can lead to SQL injection. The attack can be launched remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.