Sourcecodester · Water-Billing-Management-System · CVE-2026-10237
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Water Billing Management System version 1.0
**Description**
A SQL injection issue exists in the User Management Module, within the file '/admin/?page=user/manage user'. Manipulating the `ID` argument allows SQL injection, a technique in which malicious SQL statements are inserted into input fields for execution, potentially allowing unauthorized access to the database. The flaw can be exploited remotely.
**Recommendations**
Update SourceCodester Water Billing Management System version 1.0 to a patched version.
As a temporary workaround, restrict access to the '/admin/?page=user/manage user' endpoint or avoid using the `ID` parameter until a fix is applied.
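
To review whether the endpoint has received malformed `ID` values, or to monitor it while the workaround is in place, the following added example (not code from the vendor or from this advisory) scans web access logs for requests to the affected endpoint whose `ID` is not a plain integer. It assumes common/combined-format access logs and that legitimate IDs are decimal integers; the page value is spelled exactly as in the advisory text and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Values taken from the advisory text; adjust to how the deployment spells them.
ADMIN_PATH = "/admin/"
PAGE_VALUE = "user/manage user"
PARAM_NAME = "id"  # compared case-insensitively; the advisory writes it as `ID`

# Assumption: a legitimate ID is a short decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")

# Client address and request target of a common/combined-format log entry.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_ids(target):
    """Return ID values on the affected endpoint that are not plain integers."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") + "/" != ADMIN_PATH:
        return []
    # parse_qs percent-decodes values and turns '+' into a space.
    query = parse_qs(parts.query, keep_blank_values=True)
    if PAGE_VALUE not in query.get("page", []):
        return []
    values = [v for k, vs in query.items() if k.lower() == PARAM_NAME for v in vs]
    return [v for v in values if not VALID_ID.fullmatch(v)]


def scan(lines):
    """Return (client, value) for each logged request carrying a non-integer ID."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m:
            hits.extend((m.group(1), v) for v in suspicious_ids(m.group(2)))
    return hits


# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2026:10:00:00 +0000] "GET /admin/?page=user/manage+user&id=3 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /admin/?page=user/manage+user&id=3%27 HTTP/1.1" 200 87',
    '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "GET /admin/?page=user/manage%20user&ID=abc HTTP/1.1" 200 87',
    '203.0.113.7 - - [01/Jan/2026:10:00:12 +0000] "GET /admin/?page=home&id=x HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} sent non-integer ID {value!r}")
```

Access logs record only the query string, so an `ID` submitted in a POST body is not visible to this check.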