Puppy2140

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Bookstore Management System version 1.0 **Description** A critical issue has been found in the 1000 Projects Bookstore Management System, affecting an unknown functionality of the file /contact process.php. The manipulation of the `fnm` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider restricting access to the /contact process.php file until a patch is available. As a temporary workaround, avoid using the `fnm` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Codezips Online Institute Management System version 1.0 **Description** A critical issue was found in the system, affecting an unknown function of the file /manage website.php. The manipulation of the `website image` argument leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Codezips Online Institute Management System version 1.0, as a temporary workaround, consider restricting access to the `/manage website.php` file or disabling the upload functionality related to the `website image` argument until a patch is available. Avoid using the `website image` argument in the affected file until the issue is resolved.