Pings

**Name of the Vulnerable Software and Affected Versions** oretnom23 Judging Management System version 1.0 **Description** The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the `sub event id` parameter in the "sub event stat update.php" endpoint. **Recommendations** For oretnom23 Judging Management System version 1.0, consider restricting access to the "sub event stat update.php" endpoint to minimize the risk of exploitation. Avoid using the `sub event id` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** oretnom23 Judging Management System version 1.0 **Description** The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the `txtsearch` parameter in the "review search.php" endpoint. **Recommendations** For oretnom23 Judging Management System version 1.0, consider restricting access to the `review search.php` endpoint until a patch is available, and avoid using the `txtsearch` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** oretnom23 Judging Management System version 1.0 **Description** The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the `sub event id` parameter in the "sub event details edit.php" endpoint. **Recommendations** For oretnom23 Judging Management System version 1.0, consider restricting access to the "sub event details edit.php" endpoint to minimize the risk of exploitation. Avoid using the `sub event id` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.