Polaris0X1

**Name of the Vulnerable Software and Affected Versions** Tenda AC15 version 15.13.07.13 **Description** A critical issue has been found in the function `formSetDevNetName` of the file `/goform/SetDevNetName`, which affects the Tenda AC15 router. The manipulation of the argument `mac` leads to a stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Tenda AC15 version 15.13.07.13, as a temporary workaround, consider disabling the `formSetDevNetName` function until a patch is available. Restrict access to the `/goform/SetDevNetName` endpoint to minimize the risk of exploitation. Avoid using the parameter `mac` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Beauty Parlour Management System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to SQL injection. It is possible to launch the attack remotely. Other parameters might be affected as well. **Recommendations** For version 1.0, consider disabling access to the /admin/edit-customer-detailed.php file until a patch is available. Restrict the manipulation of argument names to minimize the risk of SQL injection. Avoid using potentially vulnerable parameters in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Bookstore Management System version 1.0 **Description** A problematic issue has been found in the system, affecting some unknown processing, which leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider implementing security measures to prevent cross-site request forgery attacks, such as validating user requests and ensuring proper session management, until a patch is available.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Beauty Parlour Management System version 1.0 **Description** A critical vulnerability was found in the 1000 Projects Beauty Parlour Management System. The issue affects an unknown functionality of the file /admin/edit-services.php. The manipulation of the `sername` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, update to the latest version to mitigate risks. Ensure your systems are updated and secure. Apply remediation steps as soon as possible. As a temporary workaround, consider restricting access to the /admin/edit-services.php file until a patch is available. Avoid using the `sername` argument in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Beauty Parlour Management System version 1.0 **Description** A critical issue has been discovered, affecting an unknown part of the file /admin/forgot-password.php. The manipulation of the `email` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For version 1.0, avoid using the `/admin/forgot-password.php` endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Beauty Parlour Management System version 1.0 **Description** A critical issue was found in the 1000 Projects Beauty Parlour Management System. The manipulation of the `username` argument leads to SQL injection in the file /admin/index.php. This issue can be exploited remotely. **Recommendations** For 1000 Projects Beauty Parlour Management System version 1.0, consider restricting access to the /admin/index.php file until a patch is available. As a temporary workaround, avoid using the `username` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Record Management System version 1.0 **Description** A critical issue was found in the Student Record Management System, affecting an unknown function of the file StudentRecordManagementSystem.cpp within the Number of Students Menu component. This issue leads to memory corruption and requires local attack access. **Recommendations** For SourceCodester Student Record Management System version 1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Record Management System version 1.0 **Description** A critical vulnerability has been found in the SourceCodester Student Record Management System, affecting the `main` function of the component View All Student Marks. The manipulation leads to a stack-based buffer overflow. It is possible to launch the attack on the local host. **Recommendations** For SourceCodester Student Record Management System version 1.0, consider disabling the `main` function of the View All Student Marks component until a patch is available to prevent exploitation of the stack-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Record Management System version 1.0 SourceCodester versions prior to the latest update **Description** A vulnerability has been found in the SourceCodester Student Record Management System, affecting the Main Menu component. This issue leads to an infinite loop and requires local attacking. The exploit has been disclosed to the public and may be used. The vulnerability is classified as problematic and has been identified as high-severity. Users are urged to update to the latest release to mitigate risks. **Recommendations** For SourceCodester Student Record Management System version 1.0, update to the latest version to protect your systems. For SourceCodester versions prior to the latest update, update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the Main Menu component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Beauty Parlour Management System version 1.0 **Description** A critical vulnerability was found in the 1000 Projects Beauty Parlour Management System. The issue affects an unknown functionality of the file /index.php. The manipulation of the `name` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For 1000 Projects Beauty Parlour Management System version 1.0, as a temporary workaround, consider restricting access to the /index.php file until a patch is available. Additionally, avoid using the `name` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Codezips Pet Shop Management System version 1.0 **Description** A critical issue was found in the Codezips Pet Shop Management System. The problem is related to an unknown function of the file birdsadd.php, where the manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed publicly. **Recommendations** For Codezips Pet Shop Management System version 1.0, update to the latest patch immediately to mitigate risks. As a temporary workaround, consider restricting access to the birdsadd.php file until a patch is available. Avoid using the `id` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Codezips Pet Shop Management System version 1.0 **Description** A critical issue has been found in the processing of the file /animalsupdate.php, where the manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Codezips Pet Shop Management System version 1.0, as a temporary workaround, consider restricting access to the /animalsupdate.php file and avoid using the `id` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Codezips Pet Shop Management System version 1.0 **Description** A critical issue was found in the system, affecting an unknown function of the file /deletebird.php. The manipulation of the `t1` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Codezips Pet Shop Management System version 1.0, consider restricting access to the /deletebird.php file until a fix is available. As a temporary workaround, avoid using the `t1` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Codezips Sales Management System version 1.0 **Description** A critical issue affects some unknown functionality of the file /addcustind.php. The manipulation of the `refno` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For Codezips Sales Management System version 1.0, as a temporary workaround, consider restricting access to the /addcustind.php file until a patch is available. Avoid using the `refno` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Codezips Sales Management System version 1.0 **Description** A critical vulnerability has been found in the Codezips Sales Management System. This issue affects an unknown part of the file `deletecustind.php`. The manipulation of the argument `id` leads to SQL injection, allowing for remote attacks. The exploit has been disclosed to the public and may be used. **Recommendations** For Codezips Sales Management System version 1.0, as a temporary workaround, consider restricting access to the `deletecustind.php` file until a patch is available. Avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Codezips Online Shopping Portal version 1.0 **Description** A critical issue has been found in the processing of the file `/update-image1.php`, where the manipulation of the `productimage1` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For Codezips Online Shopping Portal version 1.0, consider restricting access to the `/update-image1.php` file until a patch is available. As a temporary workaround, avoid using the `productimage1` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Codezips Pharmacy Management System version 1.0 **Description** A critical vulnerability was found in the Codezips Pharmacy Management System. The issue affects an unknown function of the file product/update.php, where the manipulation of the `id` argument leads to SQL injection. This allows for remote attacks. The exploit has been publicly disclosed. **Recommendations** For Codezips Pharmacy Management System version 1.0, consider disabling the `id` argument in the product/update.php file as a temporary workaround until a patch is available. Restrict access to the product/update.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Codezips Tourist Management System version 1.0 **Description** A critical issue affects some unknown functionality of the file /admin/change-image.php, where the manipulation of the `packageimage` argument leads to unrestricted upload. The attack can be launched remotely. **Recommendations** For Codezips Tourist Management System version 1.0, consider disabling the /admin/change-image.php file or restricting access to it until a patch is available. Avoid using the `packageimage` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: itsourcecode Bakery Online Ordering System version 1.0 Description: A critical issue affects the processing of the file index.php, where the manipulation of the `user email` argument leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: For itsourcecode Bakery Online Ordering System version 1.0, as a temporary workaround, consider restricting access to the index.php file or disabling the `user email` argument until a patch is available. Avoid using the `user email` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Examination System version 1.0 Description: A critical issue has been found in the SourceCodester Online Examination System, affecting some unknown functionality of the file save.php. The manipulation of the `vote` argument leads to SQL injection. The attack can be launched remotely. Recommendations: For version 1.0, consider disabling the functionality related to the `vote` argument in the save.php file until a patch is available. Restrict access to the save.php file to minimize the risk of exploitation. Avoid using the `vote` argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.