N1_X

**Name of the Vulnerable Software and Affected Versions** Online Market Place Site version 1.0 **Description** The issue is related to an insecure direct object reference (IDOR) that allows attackers to modify products owned by other sellers. **Recommendations** For Online Market Place Site version 1.0, consider restricting access to product modification functionality to prevent unauthorized changes. As a temporary workaround, restrict the ability to modify products to only the product owners until a proper fix is implemented.

**Name of the Vulnerable Software and Affected Versions** oretnom23 Automotive Shop Management System version 1.0 **Description** The issue allows remote attackers to exploit a blind SQL Injection Vulnerability through the `product id` parameter. This vulnerability enables attackers to dump all database credentials and gain admin access, resulting in privilege escalation. **Recommendations** For oretnom23 Automotive Shop Management System version 1.0, consider restricting access to the `product id` parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the `product id` parameter in sensitive operations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** oretnom23 Automotive Shop Management System version 1.0 **Description** The issue concerns a stored XSS Injection Vulnerability in the first and last name user fields, allowing remote attackers to gain admin access and view internal IPs. **Recommendations** For oretnom23 Automotive Shop Management System version 1.0, consider temporarily restricting access to the `first name` and `last name` fields until a patch is available to prevent exploitation of the stored XSS Injection Vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Student Information System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `add/Student` endpoint. **Recommendations** For Simple Student Information System version 1.0, consider restricting access to the `add/Student` endpoint until a patch is available. As a temporary workaround, avoid using user-inputted data in SQL queries to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** College Website Content Management System version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `User Profile Name` text fields. **Recommendations** For College Website Content Management System version 1.0, consider validating and sanitizing user input in the `User Profile Name` field to prevent the injection of malicious scripts. As a temporary workaround, restrict access to the User Profile Name text fields until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Car Driving School Management System version 1.0 **Description** The issue concerns Cross Site Scripting (XSS) in the User Enrollment Form, specifically the `Username Field`. To exploit this, an admin must view the registered user details. **Recommendations** For Car Driving School Management System version 1.0, consider disabling the User Enrollment Form or restricting access to the `Username Field` until a patch is available. As a temporary workaround, limit administrative access to viewing registered user details to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.