N3Xu5Cr4Ck37

**Name of the Vulnerable Software and Affected Versions** Codezips Online Shopping Portal version 1.0 **Description** A vulnerability was found in the Codezips Online Shopping Portal, affecting an unknown functionality of the file insert-product.php. The manipulation of the `productimage1`, `productimage2`, and `productimage3` arguments leads to unrestricted upload. The attack can be launched remotely. **Recommendations** For Codezips Online Shopping Portal version 1.0, consider restricting access to the insert-product.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `productimage1`, `productimage2`, and `productimage3` arguments in the affected functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Codezips Internal Marks Calculation version 1.0 **Description** A critical vulnerability has been found in the software, affecting an unknown function of the file index.php. The manipulation of the `tid` argument leads to SQL injection, allowing for remote attacks. The exploit has been publicly disclosed. **Recommendations** For Codezips Internal Marks Calculation version 1.0, consider disabling the unknown function in the file index.php that is affected by the SQL injection vulnerability until a patch is available. Restrict access to the `tid` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Food Ordering System version 1.0 **Description** A critical issue has been found in the itsourcecode Online Food Ordering System, where an unknown function of the file editproduct.php is affected. The manipulation of the `photo` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For itsourcecode Online Food Ordering System version 1.0, consider disabling the file editproduct.php or restricting access to it until a patch is available. Avoid using the `photo` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bethesda Online Reservation System version 1.0 **Description** A critical issue has been found in the Bethesda Online Reservation System, affecting some unknown functionality of the file controller.php. The manipulation of the `rmtype id` argument leads to sql injection. The attack can be launched remotely. **Recommendations** For version 1.0, consider restricting access to the `controller.php` file to minimize the risk of exploitation. As a temporary workaround, avoid using the `rmtype id` argument in the affected functionality until a patch is available.

Name of the Vulnerable Software and Affected Versions: Simple Online Hotel Reservation System version 1.0 Description: A critical issue has been identified, affecting the file index.php. The manipulation of the `username` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For Simple Online Hotel Reservation System version 1.0, consider restricting access to the `index.php` file until a fix is available. As a temporary workaround, avoid using the `username` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ruijie RG-UAC version 1.0 **Description** A critical issue has been found in the function `get ip addr details` of the file `/view/dhcp/dhcpConfig/commit.php`. The manipulation of the argument `ethname` leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `get ip addr details` function until a patch is available. Restrict access to the `/view/dhcp/dhcpConfig/commit.php` file to minimize the risk of exploitation. Avoid using the parameter `ethname` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruijie RG-UAC version 1.0 **Description** A critical issue exists due to the failure to neutralize special elements used in an operating system command. This can be exploited by a remote attacker to execute arbitrary commands via the `ad log name` parameter in the /view/userAuthentication/SSO/commit.php file. The issue affects an unknown part of this file and can be initiated remotely. **Recommendations** For Ruijie RG-UAC version 1.0, as a temporary workaround, consider restricting access to the /view/userAuthentication/SSO/commit.php file and avoid using the `ad log name` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruijie RG-UAC version 1.0 **Description** A critical issue exists due to the lack of neutralization of special elements used in an operating system command. This allows a remote attacker to execute arbitrary commands through the `servicename` parameter. The issue is related to the file `/view/systemConfig/reboot/reboot commit.php`. The attack can be launched remotely. **Recommendations** For Ruijie RG-UAC version 1.0, as a temporary workaround, consider restricting access to the `/view/systemConfig/reboot/reboot commit.php` file and avoid using the `servicename` parameter in this context until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3 Description: A critical issue was found in the Netentsec NS-ASG Application Security Gateway. The problem is related to an unknown function of the file /protocol/firewall/deletemacbind.php. The manipulation of the `messagecontent` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For Netentsec NS-ASG Application Security Gateway version 6.3, as a temporary workaround, consider restricting access to the /protocol/firewall/deletemacbind.php file until a patch is available. Avoid using the `messagecontent` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: itsourcecode Bakery Online Ordering System version 1.0 Description: A critical issue has been found in the itsourcecode Bakery Online Ordering System, affecting an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the `image` argument leads to unrestricted upload. This issue can be exploited remotely. Recommendations: For itsourcecode Bakery Online Ordering System version 1.0, consider disabling the upload functionality via the `image` argument in the /admin/modules/product/controller.php?action=add endpoint until a patch is available. Restrict access to the /admin/modules/product/controller.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Bakery Online Ordering System version 1.0 **Description** A critical issue affects some unknown functionality of the file report/index.php. The manipulation of the `procduct` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For itsourcecode Bakery Online Ordering System version 1.0, consider restricting access to the report/index.php file until a patch is available. As a temporary workaround, avoid using the `procduct` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Bakery Online Ordering System version 1.0 **Description** A critical issue has been found in the itsourcecode Bakery Online Ordering System, affecting an unknown functionality of the file index.php. The manipulation of the `txtsearch` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For itsourcecode Bakery Online Ordering System version 1.0, consider restricting access to the `index.php` file until a patch is available. As a temporary workaround, avoid using the `txtsearch` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Netentsec NS-ASG Application Security Gateway version 6.3 **Description** A critical issue has been found, affecting an unknown part of the file /admin/config MT.php?action=delete. The manipulation of the `Mid` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For Netentsec NS-ASG Application Security Gateway version 6.3, consider disabling access to the /admin/config MT.php?action=delete endpoint until a patch is available. Restrict the manipulation of the `Mid` argument to minimize the risk of SQL injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netentsec NS-ASG Application Security Gateway version 6.3 **Description** A critical issue has been found in the JSON Content Handler component of the affected software, specifically in the file /protocol/iscuser/uploadiscuser.php. The manipulation of the `messagecontent` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** For version 6.3, consider disabling the JSON Content Handler component or restricting access to the /protocol/iscuser/uploadiscuser.php file until a patch is available. As a temporary workaround, avoid using the `messagecontent` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ItsourceCode Learning Management System Project In PHP version 1.0 **Description** A critical vulnerability was found in the ItsourceCode Learning Management System Project In PHP. This issue affects the file login.php and is related to the manipulation of the `user email` argument, leading to SQL injection. The attack can be initiated remotely. **Recommendations** For ItsourceCode Learning Management System Project In PHP version 1.0, consider disabling the `login.php` file or restricting access to it until a patch is available. Avoid using the `user email` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Discussion Forum version 1.0 **Description** A critical issue has been found in the itsourcecode Online Discussion Forum, affecting the file change profile picture.php. The manipulation of the `image` argument leads to unrestricted upload. This issue can be initiated remotely. **Recommendations** For itsourcecode Online Discussion Forum version 1.0, consider restricting access to the change profile picture.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `image` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.