Oretnom23

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Packers and Movers Management System version 1.0 **Description** A SQL injection issue allows remote authenticated users to execute arbitrary SQL commands via the `id` parameter in the "/mpms/admin/?page=services/manage service&id" API endpoint. **Recommendations** For Sourcecodester Packers and Movers Management System version 1.0, consider restricting access to the `/mpms/admin/?page=services/manage service&id` API endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Service Provider Management System version 1.0 **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the `firstname`, `middlename`, and `lastname` parameters in the "/php-spms/admin/?page=user" endpoint. **Recommendations** For Service Provider Management System version 1.0, consider disabling access to the "/php-spms/admin/?page=user" endpoint until a patch is available. As a temporary workaround, restrict the use of the `firstname`, `middlename`, and `lastname` parameters in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Judging Management System version 1.0 **Description** The issue is related to SQL Injection, which can be exploited via the "/php-jms/print judges.php" API endpoint with specific parameters such as `se name` and `sub event id`. **Recommendations** For Sourcecodester Judging Management System version 1.0, as a temporary workaround, consider restricting access to the "/php-jms/print judges.php" API endpoint until a patch is available. Avoid using the parameters `se name` and `sub event id` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Raffle Draw System version 1.0 **Description** The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities are located at the "save winner.php" endpoint via the `ticket id` and `draw` parameters. **Recommendations** For Raffle Draw System version 1.0, consider disabling access to the "save winner.php" endpoint until a patch is available. Restrict the use of the `ticket id` and `draw` parameters in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Raffle Draw System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "save ticket.php" endpoint. **Recommendations** For Raffle Draw System version 1.0, consider restricting access to the "save ticket.php" endpoint to minimize the risk of exploitation. Avoid using the `id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Raffle Draw System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "get ticket.php" endpoint. **Recommendations** For Raffle Draw System version 1.0, consider restricting access to the "get ticket.php" endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Online Railway Reservation System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/admin/inquiries/view details.php" API endpoint. **Recommendations** For Online Railway Reservation System version 1.0, as a temporary workaround, consider restricting access to the "/admin/inquiries/view details.php" API endpoint until a patch is available. Avoid using the `id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Discussion Forum Site 1 (affected versions not specified) **Description** The issue is related to a blind SQL injection vulnerability. This vulnerability is located in the component `/odfs/posts/view post.php`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester The Electric Billing Management System version 1.0 **Description** The issue allows attackers to execute arbitrary code via the about page. This is a Cross Site Scripting (XSS) issue, which means attackers can inject malicious scripts into the website, potentially leading to unauthorized actions. **Recommendations** For Sourcecodester The Electric Billing Management System version 1.0, consider restricting access to the about page until a patch is available. As a temporary workaround, avoid using the about page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Storage Unit Rental Management System version v1 **Description** The issue allows attackers to execute arbitrary SQL commands via the `username` parameter to the "/storage/classes/Login.php" API endpoint. This enables potential unauthorized access and manipulation of database content. **Recommendations** For Sourcecodester Storage Unit Rental Management System version v1, consider restricting access to the "/storage/classes/Login.php" endpoint until a patch is available, and avoid using the `username` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial version 1 **Description** The issue allows remote attackers to execute arbitrary code via the `first name`, `last name`, and `email` parameters to the "/ajax crud" API endpoint. This enables the execution of arbitrary code, potentially leading to security breaches. **Recommendations** For sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial version 1, consider validating and sanitizing the `first name`, `last name`, and `email` parameters to prevent malicious input. As a temporary workaround, restrict access to the "/ajax crud" API endpoint until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Student Quarterly Grading System (affected versions not specified) **Description** The issue allows attackers to execute arbitrary code via the `fullname` and `username` parameters to the "users page" API endpoint. This enables the execution of arbitrary code, potentially leading to security breaches. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Patient Appointment Scheduler System version 1 **Description** The issue allows attackers to execute arbitrary SQL commands via the `username` and `password` fields to "login.php" API endpoint. This enables unauthorized access and potential data manipulation. **Recommendations** For Sourcecodester Patient Appointment Scheduler System version 1, consider disabling the login functionality via "login.php" until a patch is available, and restrict access to the `username` and `password` fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) version 1.0 **Description** The issue allows attackers to execute arbitrary code via the `rid` parameter to the "view recipe" page. This enables attackers to perform SQL injection attacks, potentially leading to unauthorized access or data manipulation. **Recommendations** For version 1.0, consider restricting access to the "view recipe" page or validating and sanitizing the `rid` parameter to prevent SQL injection attacks. As a temporary workaround, avoid using the `rid` parameter in the affected page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) (affected versions not specified) **Description** The issue allows attackers to gain the PHPSESID or other unspecified impacts via the `fullname` parameter to the "login registration" page. This is a Cross Site Scripting (XSS) issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Online Payment Hub version 1 **Description** The issue allows attackers to execute arbitrary SQL commands via the `username` parameter in the Login.php file. This enables potential unauthorized access and manipulation of database content. **Recommendations** For Sourcecodester Online Payment Hub version 1, consider restricting access to the Login.php file until a patch is available. As a temporary workaround, avoid using the `username` parameter in the affected login functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Budget and Expense Tracker System version v1 **Description** The issue allows attackers to execute arbitrary SQL commands via the `username` field, potentially leading to unauthorized data access or modification. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Sourcecodester Budget and Expense Tracker System version v1, consider restricting access to the `username` field to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Online Learning System version 2.0 **Description** The issue concerns SQL injection authentication bypass in the admin login file (`/admin/login.php`) and authenticated file upload in the (`Master.php`) file. These vulnerabilities can be exploited to achieve unauthenticated remote command execution. **Recommendations** For Sourcecodester Online Learning System version 2.0, consider disabling the `/admin/login.php` and `Master.php` files until a patch is available to prevent SQL injection and file upload exploitation. Restrict access to these files to minimize the risk of unauthenticated remote command execution.

**Name of the Vulnerable Software and Affected Versions** The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite (affected versions not specified) **Description** The issue concerns a remote SQL injection bypass authentication vulnerability for the admin account. The `username` parameter from the login form is not properly protected, allowing malicious payloads to bypass security measures. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: FlatCore-CMS version 2.0.7 Description: A Cross Site Scripting (XSS) issue exists in the upload image function, allowing for potential exploitation. Recommendations: For FlatCore-CMS version 2.0.7, consider disabling the image upload function as a temporary workaround until a patch is available. Restrict access to the upload functionality to minimize the risk of exploitation.