Rocker

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best House Rental Management System versions up to 1.0 **Description** A critical issue has been found in the system, affecting some unknown functionality of the file manage tenant.php. The manipulation of the `id` argument leads to sql injection. The attack may be launched remotely. **Recommendations** For versions up to 1.0, as a temporary workaround, consider restricting access to the manage tenant.php file until a patch is available. Avoid using the `id` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best House Rental Management System versions up to 1.0 **Description** A critical issue was found in the file manage payment.php, where the manipulation of the `id` argument leads to sql injection. This can be initiated remotely. The issue has been publicly disclosed and may be exploited. **Recommendations** For versions up to 1.0, as a temporary workaround, consider restricting access to the manage payment.php file until a patch is available. Avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best House Rental Management System version 1.0 **Description** A critical issue was found in the manage user.php file, where the manipulation of the `id` argument leads to sql injection. This issue can be exploited remotely. **Recommendations** For version 1.0, consider disabling the functionality related to the manage user.php file until a patch is available. Restrict access to the `id` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best House Rental Management System versions up to 1.0 **Description** A critical issue has been found in the SourceCodester Best House Rental Management System, affecting the file edit-cate.php. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Best House Rental Management System versions up to 1.0, consider restricting access to the edit-cate.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Inventory System version 1.0 Description: A critical issue was found in the file updateprice.php, where the manipulation of the `ITEM` argument leads to sql injection. This issue can be exploited remotely. Recommendations: For SourceCodester Simple Inventory System version 1.0, consider restricting access to the updateprice.php file until a patch is available. As a temporary workaround, avoid using the `ITEM` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Inventory System version 1.0 Description: A critical issue has been found in the updateproduct.php file, where the manipulation of the `ITEM` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester Simple Inventory System version 1.0, update the software to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the updateproduct.php file to minimize the risk of exploitation. Avoid using the `ITEM` argument in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Inventory System version 1.0 Description: A critical issue has been found in the SourceCodester Simple Inventory System, affecting the file tableedit.php. The manipulation of the `from` and `to` arguments leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed publicly. Recommendations: For SourceCodester Simple Inventory System version 1.0, as a temporary workaround, consider restricting access to the `tableedit.php` file until a patch is available. Avoid using the `from` and `to` arguments in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Inventory System version 1.0 Description: A critical issue has been found in the SourceCodester Simple Inventory System, affecting an unknown functionality of the file login.php. The manipulation of the `username` argument leads to SQL injection. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester Simple Inventory System version 1.0, update the system to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the login.php file or disabling the SQL injection vulnerability in the `username` argument until a patch is available. Avoid using the `username` argument in the affected login.php file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Inventory System version 1.0 Description: A vulnerability was found in the SourceCodester Simple Inventory System, allowing for cross-site request forgery. The issue is related to the manipulation of the `itemnumber` argument in the file /tableedit.php#page=editprice. This can be exploited remotely. Recommendations: For version 1.0, as a temporary workaround, consider restricting access to the /tableedit.php#page=editprice endpoint until a patch is available. Avoid using the `itemnumber` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Online Bidding System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage product. The manipulation of the `id` argument leads to sql injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Simple Online Bidding System version 1.0, consider restricting access to the /simple-online-bidding-system/admin/index.php?page=manage product file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Online Bidding System version 1.0 **Description** A critical issue was found in the SourceCodester Simple Online Bidding System, affecting an unknown function of the file /simple-online-bidding-system/admin/index.php?page=manage user. The manipulation of the `id` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the `id` argument in the /simple-online-bidding-system/admin/index.php?page=manage user file as a temporary workaround until a patch is available. Restrict access to the affected file to minimize the risk of exploitation. Avoid using the `id` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Online Bidding System version 1.0 **Description** A critical issue has been found in the processing of the file /simple-online-bidding-system/admin/index.php?page=view udet. The manipulation of the `id` argument leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the `id` argument in the /simple-online-bidding-system/admin/index.php?page=view udet file as a temporary workaround until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the `id` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Online Bidding System version 1.0 **Description** A critical issue was found in the software, affecting the file /simple-online-bidding-system/index.php?page=view prod. The manipulation of the `id` argument leads to SQL injection. This issue can be initiated remotely. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the `/simple-online-bidding-system/index.php?page=view prod` endpoint until a patch is available. Avoid using the `id` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tongda OA 2017 versions up to 11.10 **Description** A critical vulnerability has been found in Tongda OA. The issue affects an unknown function of the file /general/email/outbox/delete.php. The manipulation of the `DELETE STR` argument leads to SQL injection. The exploit has been disclosed to the public. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Tongda OA 2017 versions up to 11.10, as a temporary workaround, consider restricting access to the /general/email/outbox/delete.php file until a patch is available. Avoid using the `DELETE STR` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Beijing Baichuo Smart S20 Management Platform versions up to 20231120 **Description** A critical vulnerability was found in the Smart S20 Management Platform, affecting an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the `id` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For versions up to 20231120, as a temporary workaround, consider restricting access to the /sysmanage/sysmanageajax.php file until a patch is available. Avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.