Qidian

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Study Center Desk Management System version 1.0 **Description** A critical vulnerability was found in the SourceCodester Student Study Center Desk Management System. The issue affects an unknown functionality of the file /admin/user/manage user.php. The manipulation of the `id` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For version 1.0, consider disabling access to the /admin/user/manage user.php file until a patch is available. Restrict the manipulation of the `id` argument to minimize the risk of SQL injection exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple and Nice Shopping Cart Script (affected versions not specified) **Description** A critical vulnerability was found in the SourceCodester Simple and Nice Shopping Cart Script, affecting an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the `mem id` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple and Nice Shopping Cart Script (affected versions not specified) **Description** A critical vulnerability was found in the SourceCodester Simple and Nice Shopping Cart Script, affecting an unknown functionality of the file /mkshop/Men/profile.php. This vulnerability leads to unrestricted upload and can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Guest Management System (affected versions not specified) **Description** A critical issue has been found in the SourceCodester Guest Management System, affecting the processing of the file /guestmanagement/front.php. The manipulation of the `rid` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple and Nice Shopping Cart Script (affected versions not specified) **Description** A vulnerability has been found in the software, affecting an unknown functionality of the file /mkshope/login.php. The issue is related to the manipulation of the `msg` argument, which leads to cross-site scripting. This can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Guest Management System (affected versions not specified) **Description** A problematic vulnerability has been found in the SourceCodester Guest Management System, affecting an unknown part of the file myform.php. The manipulation of the `name` argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Guest Management System (affected versions not specified) **Description** A critical issue was found in the SourceCodester Guest Management System, affecting the file index.php. The manipulation of the `username/pass` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Information System (affected versions not specified) **Description** A critical issue was found in the SourceCodester Student Information System, affecting an unknown functionality of the file /admin/students/view student.php. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Zoo Management System (affected versions not specified) **Description** A critical issue was found in the processing of the file /pages/animals.php, where the manipulation of the `class id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Online Book Store System (affected versions not specified) **Description** A critical issue has been discovered, affecting the file Admin add.php, which allows for unrestricted upload. This can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Apartment Visitor Management System (affected versions not specified) **Description** A critical issue was found in the SourceCodester Apartment Visitor Management System, affecting some unknown functionality of the file action-visitor.php. The manipulation of the `editid` and `remark` arguments leads to SQL injection. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Online Book Store System (affected versions not specified) **Description** A problem was found in the system, affecting an unknown function of the file /admin/edit.php. The manipulation of the `eid` argument leads to cross-site scripting. It is possible to launch the attack remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Gym Management System (affected versions not specified) **Description** A problematic vulnerability has been found in the SourceCodester Gym Management System. The issue affects an unknown function of the file delete user.php. The manipulation of the `delete user` argument leads to denial of service. It is possible to launch the attack remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Online Book Store (affected versions not specified) **Description** A critical issue was found in the processing of the file book.php, where the manipulation of the `book isbn` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.