Phila

**Name of the Vulnerable Software and Affected Versions** code-projects University Event Management System version 1.0 **Description** A critical issue has been found in the code-projects University Event Management System, affecting the file submit.php. The manipulation of the arguments `name`, `email`, `title`, `Year`, `gender`, `fromdate`, `todate`, and `people` leads to SQL injection. The attack can be initiated remotely. It is assumed that a variety of parameters is affected, not just the initially mentioned `name` parameter. **Recommendations** For code-projects University Event Management System version 1.0, as a temporary workaround, consider restricting access to the submit.php file until a patch is available. Avoid using the parameters `name`, `email`, `title`, `Year`, `gender`, `fromdate`, `todate`, and `people` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.