P1Nkshox

Name of the Vulnerable Software and Affected Versions: code-projects Inventory Management System version 1.0 Description: A critical issue affects the processing of the file /php action/removeUser.php. The manipulation of the `userid` argument leads to SQL injection. The attack can be initiated remotely. An exploit has been publicly disclosed and may be used. Recommendations: For code-projects Inventory Management System version 1.0, consider disabling the removeUser functionality in the /php action/removeUser.php file until a patch is available to prevent SQL injection attacks. Restrict access to the /php action/removeUser.php endpoint to minimize the risk of exploitation. Avoid using the `userid` argument in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: code-projects Inventory Management System version 1.0 Description: A critical issue was discovered in the Inventory Management System. It affects an unknown function in the /php action/editUser.php file. The manipulation of the `edituserName` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For code-projects Inventory Management System version 1.0, consider disabling the `editUser.php` file or restricting access to it until a patch is available. Avoid using the `edituserName` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.