Mooooon

**Name of the Vulnerable Software and Affected Versions** CodeAstro Ecommerce Site version 1.0 **Description** A critical issue was found in the Search component of the affected software, specifically in the file action.php. The manipulation of the `cat id`, `brand id`, or `keyword` arguments leads to SQL injection. This issue can be exploited remotely. **Recommendations** For CodeAstro Ecommerce Site version 1.0, as a temporary workaround, consider restricting access to the `action.php` file or disabling the Search component until a patch is available. Avoid using the `cat id`, `brand id`, or `keyword` arguments in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CodeAstro House Rental Management System version 1.0 **Description** A problematic issue has been found in the system, affecting some unknown functionality of the files `booking.php`, `owner.php`, and `tenant.php`. This issue leads to missing authentication, allowing for remote attacks. The exploit has been disclosed to the public and may be used. **Recommendations** For CodeAstro House Rental Management System version 1.0, consider restricting access to the affected files `booking.php`, `owner.php`, and `tenant.php` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CodeAstro House Rental Management System version 1.0 **Description** A critical issue has been found in the CodeAstro House Rental Management System, affecting some unknown functionality of the file signing.php. The manipulation of the `uname`/`password` argument leads to SQL injection. The attack may be launched remotely. **Recommendations** For CodeAstro House Rental Management System version 1.0, consider disabling the vulnerable functionality in the signing.php file until a patch is available. Restrict access to the signing.php file to minimize the risk of exploitation. Avoid using the `uname` and `password` arguments in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Simple Voting System version 1.0 **Description** A critical vulnerability was found in the CodeAstro Simple Voting System, affecting an unknown functionality of the file users.php of the component Backend. This vulnerability leads to improper access controls and can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For CodeAstro Simple Voting System version 1.0, consider restricting access to the users.php file in the Backend component to minimize the risk of exploitation. As a temporary workaround, review and strengthen access controls to prevent improper access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro House Rental Management System version 1.0 **Description** A problematic issue was found in the User Registration Page component, allowing for cross-site scripting through the manipulation of the `address` argument with malicious input, such as `<img src="1" onerror="console.log(1)">`. This issue can be exploited remotely. **Recommendations** For CodeAstro House Rental Management System version 1.0, consider disabling the User Registration Page or restricting the input for the `address` argument until a fix is available. Additionally, as a temporary workaround, restrict access to the User Registration Page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Employee Task Management System version 1.0 **Description** A vulnerability has been found in the system, classified as problematic. It affects an unknown functionality of the file `attendance-info.php`. The manipulation of the argument `aten id` leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For CodeAstro Employee Task Management System version 1.0, as a temporary workaround, consider restricting access to the `attendance-info.php` file until a patch is available. Avoid using the argument `aten id` in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Expense Management System version 1.0 **Description** A vulnerability was found in the CodeAstro Expense Management System, affecting the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the `item` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For CodeAstro Expense Management System version 1.0, consider disabling the `item` argument in the Add Expenses Page until a patch is available. Restrict access to the templates/5-Add-Expenses.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Niushop B2B2C V5 **Description** A critical issue affects some unknown functionality of the file appmodelUpload.php, leading to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.