Quchunyi1

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam Form Submission version 1.0 **Description** A SQL injection flaw exists due to manipulation of the `credits` argument in the `/admin/update s3.php` file. Remote exploitation is possible. The exploit has been published. **Recommendations** As a temporary workaround, restrict access to the `/admin/update s3.php` file to minimize the risk of exploitation. Sanitize the `credits` argument before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam Form Submission version 1.0 **Description** A SQL injection issue exists due to the manipulation of the `phone` argument in the file `/user/dashboard.php?page=update profile`. The attack can be launched remotely. The exploit is publicly available. Other parameters may also be affected. **Recommendations** Sanitize the `phone` argument to prevent SQL injection. Review and sanitize all other input parameters to mitigate potential risks.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Polling System version 1.0 **Description** A weakness exists in SourceCodester Online Polling System 1.0 related to SQL injection within the `/admin/positions.php` file. Manipulation of the `ID` argument can trigger this issue, potentially allowing remote exploitation. The exploit has been publicly released. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/positions.php` file until a fix is available. Sanitize the `ID` argument to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Student File Management System version 1.0 **Description** A security flaw exists in SourceCodester Online Student File Management System 1.0. The issue is a SQL injection affecting an unknown function within the /index.php file. Manipulation of the `stud no` argument can trigger the injection. The attack can be initiated remotely, and an exploit has been publicly released. **Recommendations** As a temporary workaround, consider restricting access to the /index.php file to minimize the risk of exploitation. Sanitize the `stud no` argument to prevent SQL injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Student File Management System version 1.0 **Description** A weakness exists in SourceCodester Online Student File Management System 1.0 related to unrestricted file upload through manipulation of the `/save file.php` file and an unknown function. The exploit is publicly available and could be exploited remotely. **Recommendations** As a temporary workaround, consider restricting access to the `/save file.php` file until a fix is available.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Polling System version 1.0 **Description** A security issue exists in SourceCodester Online Polling System 1.0. Manipulation of the `email` argument in the `/registeracc.php` file may lead to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/registeracc.php` file to minimize the risk of exploitation. Sanitize the `email` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Polling System version 1.0 **Description** A security flaw exists in SourceCodester Online Polling System 1.0. The issue is related to cross site scripting, triggered by manipulating the `firstname` argument of an unknown function within the `/manage-profile.php` file. This attack can be launched remotely. The exploit has been released publicly. **Recommendations** Sanitize the `firstname` input to prevent the injection of malicious scripts. Restrict access to the `/manage-profile.php` file if possible. As a temporary workaround, consider disabling or restricting the use of the vulnerable function until a fix is available.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Polling System version 1.0 **Description** A SQL injection weakness exists in SourceCodester Online Polling System 1.0. The issue affects an unknown function within the `/manage-profile.php` file. Manipulation of the `email` argument can trigger the SQL injection. The exploit has been made publicly available and could be exploited remotely. **Recommendations** As a temporary workaround, consider restricting access to the `/manage-profile.php` file until a fix is available. Sanitize the `email` parameter before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Polling System version 1.0 **Description** A SQL injection issue exists in SourceCodester Online Polling System 1.0. Manipulation of the `ID` argument in the `/admin/candidates.php` file can lead to SQL injection. Remote exploitation is possible. The exploit is publicly available. **Recommendations** As a temporary workaround, restrict access to the `/admin/candidates.php` file to minimize the risk of exploitation. Sanitize the `ID` argument before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Polling System version 1.0 **Description** A SQL injection issue exists due to manipulation of the `email` parameter in a file located at `/admin/manage-admins.php`. The vulnerability is present in an unknown function within this file and can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Farm Management System version 1.0 **Description** A SQL injection issue exists in the /Login/login.php file due to manipulation of the `uname` argument. This allows for remote exploitation. The exploit is publicly available. **Recommendations** Sanitize the `uname` argument to prevent SQL injection attacks. Review and secure the code within the /Login/login.php file.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Polling System Code version 1.0 **Description** A SQL injection issue exists due to the manipulation of the `myusername` argument in the `/admin/checklogin.php` file. The attack can be performed remotely. The exploit is publicly available. **Recommendations** As a temporary workaround, sanitize the `myusername` input to prevent SQL injection. Restrict access to the `/admin/checklogin.php` file to authorized personnel only.

Name of the Vulnerable Software and Affected Versions: Code-Projects Online Bidding System version 1.0 Description: A critical issue was found in the code, affecting the /bidnow.php file, where the manipulation of the `ID` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For Code-Projects Online Bidding System version 1.0, consider restricting access to the /bidnow.php file until a fix is available, and avoid using the `ID` argument in this context to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0 Description: A critical vulnerability has been found in the code-projects Online Bidding System. The issue affects an unknown functionality of the file /showprod.php. The manipulation of the `ID` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For code-projects Online Bidding System version 1.0, as a temporary workaround, consider restricting access to the /showprod.php file until a patch is available. Avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0 Description: A critical vulnerability was found in the code-projects Online Bidding System. The vulnerability affects an unknown functionality of the file /administrator. The manipulation of the `aduser` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: For code-projects Online Bidding System version 1.0, as a temporary workaround, consider restricting access to the /administrator file until a patch is available. Avoid using the `aduser` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.