N0Name

**Name of the Vulnerable Software and Affected Versions** SourceCodester SUP Online Shopping version 1.0 **Description** A cross-site scripting issue exists in the file '/admin/productedit.php'. The flaw allows remote attackers to execute scripts by manipulating the `productName` argument. **Recommendations** As a temporary workaround, restrict access to the '/admin/productedit.php' file or avoid using the `productName` parameter until a fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester SUP Online Shopping version 1.0 **Description** A security flaw in the file '/admin/replymsg.php' allows for remote SQL injection. This occurs through the manipulation of the `msgid` argument. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to the database. **Recommendations** As a temporary workaround, restrict access to the '/admin/replymsg.php' file or avoid using the `msgid` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester SUP Online Shopping version 1.0 **Description** An issue exists in the file '/admin/message.php' where the manipulation of the `seenid` argument allows for SQL injection, a technique used to interfere with the queries that an application makes to its database. This attack can be initiated remotely. **Recommendations** Restrict access to the file '/admin/message.php' or avoid using the `seenid` argument until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester SUP Online Shopping version 1.0 **Description** A remote SQL injection exists in the `wishlist.php` file. This issue occurs when the `delwlistid` argument is manipulated, allowing an attacker to execute unauthorized database queries. **Recommendations** Restrict access to the `wishlist.php` file or avoid using the `delwlistid` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester SUP Online Shopping version 1.0 **Description** A remote SQL injection is possible via an unknown function within the '/admin/viewmsg.php' file. The issue occurs when the `msgid` argument is manipulated, allowing an attacker to interfere with the database queries. **Recommendations** As a temporary workaround, restrict access to the '/admin/viewmsg.php' file or avoid using the `msgid` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Comment System version 1.0 **Description** An issue exists in the processing of the 'post comment.php' file. Manipulation of the `Name` argument allows for SQL injection, which can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Feedback System version 1.0 **Description** A SQL injection flaw exists in the `/admin/checklogin.php` file. Remote attackers can exploit this by manipulating the `email` argument. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to the database. **Recommendations** As a temporary workaround, restrict access to the `/admin/checklogin.php` file or avoid using the `email` parameter in that endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pizzafy Ecommerce System version 1.0 **Description** An issue in the processing of the '/admin/index.php' endpoint allows for remote cross-site scripting (XSS), a technique where malicious scripts are injected into trusted websites. This occurs through the manipulation of the `page` argument. **Recommendations** Restrict access to the '/admin/index.php' endpoint or avoid using the `page` argument until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodePanda Source canteen management system version 1.0 **Description** A SQL injection allows remote attackers to manipulate the `Username` argument via the '/api/login.php' endpoint. SQL injection is a type of flaw that allows an attacker to interfere with the queries that an application makes to its database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Church Donation System version 1.0 **Description** A critical issue exists in the processing of the `/members/edit user.php` file. Manipulation of the `firstname` argument can lead to SQL injection. The exploit has been publicly disclosed and may be used. Other parameters might also be affected. **Recommendations** As a temporary workaround, consider restricting access to the `/members/edit user.php` file until a fix is available. Sanitize the `firstname` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** code-projects Church Donation System version 1.0 **Description** A critical issue exists in code-projects Church Donation System 1.0. The manipulation of the `fname` argument in the `/members/edit Members.php` file leads to SQL injection. This allows for remote exploitation. The exploit has been publicly disclosed. Other parameters may also be affected. **Recommendations** As a temporary workaround, consider restricting access to the `/members/edit Members.php` file to minimize the risk of exploitation. Sanitize the `fname` parameter before using it in SQL queries. Review and sanitize all other parameters used in SQL queries within the application. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Church Donation System version 1.0 **Description** A critical issue exists in an unknown functionality of the file `/members/add members.php`. Manipulation of the `mobile` argument can lead to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public. Other parameters might also be affected. **Recommendations** As a temporary workaround, consider restricting access to the `/members/add members.php` file until a fix is available. Sanitize the `mobile` parameter before using it in any database queries. Review and sanitize all other input parameters used in the affected file to prevent potential injection attacks.

**Name of the Vulnerable Software and Affected Versions** Church Donation System version 1.0 **Description** A critical issue exists in Church Donation System 1.0 related to unrestricted file upload. The vulnerability is located in the `/members/admin pic.php` file, where manipulation of the `image` argument allows for unrestricted uploads. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Church Donation System version 1.0 **Description** A critical vulnerability exists in Church Donation System 1.0. The issue involves a SQL injection vulnerability in the `/members/search.php` file. The `Username` parameter is susceptible to manipulation, allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** Church Donation System version 1.0: Sanitize the `Username` parameter in the `/members/search.php` file to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Church Donation System version 1.0 **Description** A critical vulnerability exists in Church Donation System 1.0. The vulnerability is due to a SQL injection flaw within the `/members/update password admin.php` file. Manipulation of the `new password` argument allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** Church Donation System version 1.0: Sanitize the `new password` argument to prevent SQL injection. Church Donation System version 1.0: Restrict access to the `/members/update password admin.php` file.

**Name of the Vulnerable Software and Affected Versions** Church Donation System version 1.0 **Description** A critical issue exists in the processing of the `/members/login admin.php` file. Manipulation of the `Username` argument leads to a SQL injection. The attack can be initiated remotely, and the exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Church Donation System version 1.0 **Description** A critical vulnerability has been identified in Church Donation System. The issue involves SQL injection stemming from unknown processing of the file `/members/giving.php`. Manipulation of the `Amount` argument can lead to SQL injection, and the attack can be initiated remotely. The exploit has been disclosed to the public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Church Donation System version 1.0 **Description** A critical vulnerability exists in Church Donation System 1.0. The vulnerability affects unknown code within the `/members/offering.php` file. Manipulation of the `trcode` argument results in a SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** Church Donation System version 1.0: Address the SQL injection vulnerability by sanitizing or validating the `trcode` argument before using it in SQL queries. Church Donation System version 1.0: Review the code within the `/members/offering.php` file to identify and correct the root cause of the SQL injection vulnerability.

**Name of the Vulnerable Software and Affected Versions** Church Donation System version 1.0 **Description** A critical vulnerability exists in Church Donation System 1.0. The issue is a SQL injection vulnerability located in the `/members/Tithes.php` file. Manipulation of the `trcode` argument allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Church Donation System version 1.0 **Description** A vulnerability exists in the Church Donation System software. The issue affects an unknown functionality within the `/reg.php` file. Manipulation of the `mobile` argument can lead to a SQL injection. The attack can be launched remotely, and the exploit has been publicly disclosed. Other parameters may also be affected. **Recommendations** For Church Donation System version 1.0, sanitize or validate the `mobile` parameter to prevent SQL injection. Consider reviewing and securing all other input parameters to the `/reg.php` file.