Renyu

**Name of the Vulnerable Software and Affected Versions** 1024-lab smart-admin versions prior to 3.30.1 **Description** Improper access controls in the Demo Site component allow for remote attacks. The issue is located within the file '/smart-admin-api/druid/index.html'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pharmacy Sales and Inventory System version 1.0 **Description** A SQL injection flaw exists that allows remote attacks. The issue is located in the '/ajax.php?action=save category' endpoint, where manipulation of the `ID` argument enables the execution of arbitrary SQL commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pharmacy Sales and Inventory System version 1.0 **Description** An issue exists where manipulation of the `ID` argument in the '/ajax.php?action=delete receiving' endpoint allows for SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution. This flaw enables remote exploitation. **Recommendations** Avoid using the `ID` parameter in the '/ajax.php?action=delete receiving' endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.