Quchunyi

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Forum Discussion System version 1.0 **Description** A security flaw exists in SourceCodester Simple Forum Discussion System version 1.0. The issue involves SQL injection, which can be triggered by manipulating the `Description` argument in the file '/ajax.php?action=save category'. The attack can be executed remotely. The exploit has been released publicly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Grading System version 1.0 **Description** A SQL injection weakness exists in the `/view students.php` file of the application. Manipulation of the `ID` argument can trigger the injection. This issue can be exploited remotely. The exploit has been made publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/view students.php` file until a fix is available. Sanitize the `ID` parameter before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Grading System version 1.0 **Description** A security issue exists in SourceCodester Student Grading System 1.0. The vulnerability is due to SQL injection in the `/del promote.php` file through manipulation of the `sy` argument. This allows for remote attacks. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/del promote.php` file until a fix is available. Avoid using the `sy` parameter in the `/del promote.php` endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Grading System version 1.0 **Description** A SQL injection issue exists in SourceCodester Student Grading System 1.0. The issue affects an unknown part of the file `/form137.php`. Manipulation of the `ID` parameter can lead to SQL injection. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/form137.php` file until a fix is available. Sanitize the `ID` parameter before using it in any database queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Grading System version 1.0 **Description** A flaw exists in the SourceCodester Student Grading System that may allow for SQL injection. The issue affects unknown code within the `/update account.php` file. Manipulation of the `ID` parameter can lead to exploitation, potentially allowing for remote attacks. The exploit has been published. **Recommendations** As a temporary workaround, restrict access to the `/update account.php` file. Sanitize the `ID` parameter before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Student File Management System version 1.0 **Description** A security issue has been identified in SourceCodester Online Student File Management System. The vulnerability resides in the `/remove file.php` file, specifically within an unknown function. Manipulation of the `ID` parameter allows for SQL injection. Remote exploitation is possible. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/remove file.php` file until a fix is available. Sanitize the `ID` parameter before using it in any database queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Grading System version 1.0 **Description** A SQL injection issue exists in the /view user.php file due to manipulation of the `ID` argument. This allows for remote exploitation. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the /view user.php file until a fix is available. Sanitize the `ID` argument before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Grading System version 1.0 **Description** A security flaw exists in SourceCodester Student Grading System 1.0. The issue is related to SQL injection within the `/edit user.php` file. Manipulation of the `ID` parameter can trigger the injection. The attack can be initiated remotely, and an exploit has been publicly released. **Recommendations** As a temporary workaround, consider restricting access to the `/edit user.php` file until a fix is available. Sanitize the `ID` parameter before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Grading System version 1.0 **Description** A weakness exists in SourceCodester Student Grading System 1.0. The issue affects an unknown part of the file `/rms.php?page=users`. Manipulation of the `fname` argument can lead to SQL injection. The attack can be launched remotely, and the exploit has been made publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/rms.php?page=users` file to minimize the risk of exploitation. Avoid using the `fname` parameter in the affected API endpoint `/rms.php?page=users` until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Projectworlds Online Examination System version 1.0 **Description** The issue is related to SQL Injection via the `subject` parameter in `feed.php`. This allows for potential exploitation. **Recommendations** For Projectworlds Online Examination System version 1.0, consider disabling access to the `feed.php` file or restricting the use of the `subject` parameter until a patch is available. Avoid using the `subject` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Itsourcecode Learning Management System Project In PHP With Source Code version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `LessonID` parameter in the processscore.php file. **Recommendations** For Itsourcecode Learning Management System Project In PHP With Source Code version 1.0, consider restricting access to the processscore.php file until a patch is available, and avoid using the `LessonID` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Itsourcecode Payroll Management System version 1.0 **Description** The issue is related to SQL Injection in the payroll items.php file via the `ID` parameter. This allows for potential exploitation. **Recommendations** For Itsourcecode Payroll Management System version 1.0, consider restricting access to the payroll items.php file or the `ID` parameter to minimize the risk of exploitation until a fix is available.