Quchunyi2

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam Form Submission version 1.0 **Description** A SQL injection vulnerability exists due to manipulation of the `ID` argument in the `/admin/delete s1.php` file. This vulnerability can be exploited remotely. The exploit has been made public. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/delete s1.php` file to minimize the risk of exploitation. Sanitize the `ID` parameter before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam Form Submission version 1.0 **Description** A flaw exists in SourceCodester Online Exam Form Submission that allows for unrestricted file upload. The issue is related to the manipulation of the `img` argument within the `/register.php` file. This manipulation impacts an unknown function. The attack can be initiated remotely, and an exploit has been published. **Recommendations** As a temporary workaround, restrict access to the `/register.php` file. Address the manipulation of the `img` argument within the affected function.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam Form Submission version 1.0 **Description** A SQL injection issue exists due to the manipulation of the `email` parameter within an unknown function of the `/admin/index.php` file. This allows for remote exploitation. The exploit details have been publicly disclosed. **Recommendations** As a temporary workaround, restrict access to the `/admin/index.php` file to minimize the risk of exploitation. Sanitize the `email` parameter before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Student File Management System version 1.0 **Description** A SQL injection issue exists in the /admin/update student.php file due to manipulation of the `stud id` argument. This allows for remote exploitation. The exploit is publicly available. **Recommendations** Sanitize the `stud id` argument in the /admin/update student.php file to prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Student File Management System version 1.0 **Description** A SQL injection flaw exists in the `/admin/delete student.php` file due to manipulation of the `stud id` argument. This issue is remotely exploitable. The exploit has been published. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/delete student.php` file to minimize the risk of exploitation. Sanitize the `stud id` parameter before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Student File Management System version 1.0 **Description** A vulnerability exists in SourceCodester Online Student File Management System 1.0 related to SQL injection. The issue is located in the `/admin/delete user.php` file, specifically through manipulation of the `user id` argument. This allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/delete user.php` file to minimize the risk of exploitation. Avoid using the `user id` parameter in the affected `/admin/delete user.php` API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Exam Form Submission version 1.0 **Description** A SQL injection issue exists due to the manipulation of the `usn` argument in the file `/index.php`. The attack can be launched remotely. The exploit has been made public. **Recommendations** As a temporary workaround, sanitize the `usn` argument to prevent SQL injection. Restrict access to the `/index.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Student File Management System version 1.0 **Description** A SQL injection flaw exists due to the manipulation of the `firstname` argument in the `/admin/save user.php` file. This manipulation can be carried out remotely. The exploit has been published. Other parameters might also be affected. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/save user.php` file to minimize the risk of exploitation. Sanitize the `firstname` parameter before using it in SQL queries. Review and sanitize all other parameters used in the `/admin/save user.php` file to prevent potential SQL injection vulnerabilities.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Student File Management System version 1.0 **Description** A SQL injection issue exists in SourceCodester Online Student File Management System version 1.0. The issue is located in the `/admin/index.php` file, within an unknown function. Manipulation of the `Username` argument allows for remote exploitation. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/index.php` file to minimize the risk of exploitation. Sanitize the `Username` input to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.