Reiginald

**Name of the Vulnerable Software and Affected Versions** keerti1924 Secret-Coder-PHP-Project version 1.0 **Description** A vulnerability has been found in the keerti1924 Secret-Coder-PHP-Project, affecting an unknown functionality of the file /secret coder.sql. The manipulation leads to the inclusion of sensitive information in the source code. The attack can be launched remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used. **Recommendations** For keerti1924 Secret-Coder-PHP-Project version 1.0, consider restricting access to the /secret coder.sql file to minimize the risk of exploitation. As a temporary workaround, avoid using the affected functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** keerti1924 PHP-MYSQL-User-Login-System version 1.0 **Description** The issue is related to the disclosure of sensitive information through the source code of the login system. It affects an unknown part of the file login.sql. The manipulation can lead to the inclusion of sensitive information in the source code, and it is possible to initiate the attack remotely. **Recommendations** For keerti1924 PHP-MYSQL-User-Login-System version 1.0, consider restricting access to the login.sql file to minimize the risk of exploitation. As a temporary workaround, review the source code for any sensitive information disclosure and remove or secure it until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** keerti1924 Secret-Coder-PHP-Project version 1.0 **Description** A vulnerability has been found in the Login Page component, specifically in the file /login.php. The manipulation of the `emailcookie` and `passwordcookie` arguments leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For keerti1924 Secret-Coder-PHP-Project version 1.0, consider disabling the `emailcookie` and `passwordcookie` arguments in the /login.php file as a temporary workaround to minimize the risk of exploitation. Restrict access to the Login Page component to minimize the risk of cross-site scripting attacks.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Flashcard Quiz App version 1.0 **Description** A problematic issue was found in the SourceCodester Flashcard Quiz App, affecting an unknown part of the file /endpoint/update-flashcard.php. The manipulation of the `question/answer` argument leads to cross-site scripting. It is possible to initiate the attack remotely. **Recommendations** For SourceCodester Flashcard Quiz App version 1.0, consider disabling access to the /endpoint/update-flashcard.php file until a patch is available. Restrict the manipulation of the `question/answer` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester FAQ Management System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown function of the file /endpoint/delete-faq.php. The manipulation of the `faq` argument leads to sql injection, allowing for remote attacks. The issue has been publicly disclosed. **Recommendations** For SourceCodester FAQ Management System version 1.0, consider restricting access to the /endpoint/delete-faq.php endpoint until a patch is available. As a temporary workaround, avoid using the `faq` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester FAQ Management System version 1.0 **Description** A problematic issue was found in the system, affecting an unknown functionality of the file "/endpoint/add-faq.php". The manipulation of the `question/answer` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For SourceCodester FAQ Management System version 1.0, consider disabling the functionality related to the "/endpoint/add-faq.php" file until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `question/answer` argument in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Student Attendance System version 1.0 **Description** A critical issue was found in the function `delete class/delete student` of the file `/ajax-api.php` of the component List of Classes Page. The manipulation of the argument `id` with the input `1337'+or+1=1;--+` leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `delete class` and `delete student` functions until a patch is available. Restrict access to the `/ajax-api.php` file to minimize the risk of exploitation. Avoid using the `id` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.