Rom4J

**Name of the Vulnerable Software and Affected Versions:** code-projects Mobile Shop version 1.0 **Description:** A critical issue exists in code-projects Mobile Shop 1.0 related to the processing of the `/LoginAsAdmin.php` file. Manipulation of the `email` argument results in a SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations:** Address the SQL injection issue in the `/LoginAsAdmin.php` file. Sanitize the `email` argument to prevent SQL injection. Restrict access to the `/LoginAsAdmin.php` file to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions:** code-projects Library System version 1.0 **Description:** A critical vulnerability exists in code-projects Library System 1.0, allowing for unrestricted file upload. The issue is located in the `/user/teacher/profile.php` file, where manipulation of the `image` argument enables malicious uploads. This attack can be initiated remotely. The exploit details have been publicly disclosed. **Recommendations:** As a temporary workaround, consider restricting or disabling file upload functionality to the `/user/teacher/profile.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions:** code-projects Library System version 1.0 **Description:** A critical issue exists in code-projects Library System 1.0 related to unrestricted file upload. The vulnerability is located in the `/user/student/profile.php` file, where manipulation of the `image` argument allows for unrestricted uploads. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations:** Restrict or disable the functionality associated with the `/user/student/profile.php` file. Avoid uploading files through the `image` argument until a resolution is available.

**Name of the Vulnerable Software and Affected Versions:** code-projects LifeStyle Store version 1.0 **Description:** A critical issue exists in code-projects LifeStyle Store 1.0. The vulnerability is located in an unknown functionality of the `/success.php` file. Manipulation of the `ID` argument results in a SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations:** As a temporary workaround, consider restricting access to the `/success.php` file until a fix is available. Sanitize the `ID` argument to prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions:** LifeStyle Store version 1.0 **Description:** A critical issue exists in code-projects LifeStyle Store, potentially allowing for remote SQL injection. The vulnerability is located in the `/cart remove.php` file, specifically through manipulation of the `ID` argument. The exploit for this issue has been publicly disclosed. **Recommendations:** LifeStyle Store version 1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Simple Pizza Ordering System version 1.0 Description: A critical issue has been found in the Simple Pizza Ordering System. This issue affects the /salesreport.php file and is related to the manipulation of the `dayfrom` argument, leading to SQL injection. The attack can be initiated remotely. Recommendations: For Simple Pizza Ordering System version 1.0, as a temporary workaround, consider restricting access to the /salesreport.php file until a patch is available. Avoid using the `dayfrom` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: code-projects Simple Pizza Ordering System version 1.0 Description: A critical issue was found in the code, affecting the /addcatexec.php file. The manipulation of the `textfield` argument leads to SQL injection. This issue can be initiated remotely. Recommendations: For version 1.0, consider restricting access to the /addcatexec.php file until a fix is available. As a temporary workaround, avoid using the `textfield` argument in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: code-projects Simple Pizza Ordering System version 1.0 Description: A critical issue has been found in the processing of the file /update.php, where the manipulation of the `ID` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed to the public. Recommendations: For code-projects Simple Pizza Ordering System version 1.0, consider restricting access to the /update.php file until a patch is available. As a temporary workaround, avoid using the `ID` argument in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Simple Pizza Ordering System version 1.0 Description: A critical issue was found in the Simple Pizza Ordering System, affecting an unknown function of the file /edituser-exec.php. The manipulation of the `userid` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For Simple Pizza Ordering System version 1.0, as a temporary workaround, consider restricting access to the /edituser-exec.php file until a patch is available. Avoid using the `userid` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Simple Pizza Ordering System version 1.0 Description: A critical vulnerability has been found in the Simple Pizza Ordering System, affecting an unknown functionality of the file /edituser.php. The manipulation of the `ID` argument leads to SQL injection. The attack can be launched remotely. Recommendations: As a temporary workaround, consider disabling the functionality related to the /edituser.php file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the `ID` argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Hotel Reservation System version 1.0 Description: A critical issue has been found, affecting the /admin/execeditroom.php file, where the manipulation of the `userid` argument leads to SQL injection. This issue can be initiated remotely. Recommendations: For SourceCodester Online Hotel Reservation System version 1.0, consider restricting access to the /admin/execeditroom.php file and avoid using the `userid` argument until a fix is available. As a temporary workaround, restrict the manipulation of the `userid` argument to minimize the risk of SQL injection exploitation.

Name of the Vulnerable Software and Affected Versions: code-projects Simple Pizza Ordering System version 1.0 Description: A critical issue affects some unknown functionality of the file /cashconfirm.php, where the manipulation of the `transactioncode` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For code-projects Simple Pizza Ordering System version 1.0, consider restricting access to the /cashconfirm.php file until a patch is available. As a temporary workaround, avoid using the `transactioncode` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Simple Pizza Ordering System version 1.0 Description: A critical issue was found in the Simple Pizza Ordering System. The problem affects an unknown functionality of the file /saveorder.php. The manipulation of the `ID` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For Simple Pizza Ordering System version 1.0, as a temporary workaround, consider restricting access to the /saveorder.php file until a patch is available. Avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Code-Projects Simple Pizza Ordering System version 1.0 Description: A critical issue was found in the Simple Pizza Ordering System. It affects an unknown function of the file /paymentportal.php. The manipulation of the `person` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For Code-Projects Simple Pizza Ordering System version 1.0, as a temporary workaround, consider restricting access to the /paymentportal.php file until a patch is available. Avoid using the `person` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Simple Pizza Ordering System version 1.0 Description: A critical issue affects the processing of the file `/addmem.php`, leading to sql injection. The attack may be initiated remotely. Recommendations: For version 1.0, consider restricting access to the `/addmem.php` file until a patch is available. As a temporary workaround, avoid using the `Simple Pizza Ordering System` until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Simple Pizza Ordering System version 1.0 Description: A critical issue has been discovered, affecting an unknown part of the file /portal.php. The manipulation of the `ID` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For Simple Pizza Ordering System version 1.0, as a temporary workaround, consider restricting access to the `/portal.php` file until a patch is available. Avoid using the `ID` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Simple Pizza Ordering System version 1.0 Description: A critical issue was found in the Simple Pizza Ordering System. The manipulation of the `userid` argument in the file /adds.php leads to SQL injection. This issue can be initiated remotely. Recommendations: For Simple Pizza Ordering System version 1.0, consider restricting access to the /adds.php file until a patch is available. As a temporary workaround, avoid using the `userid` parameter in the affected endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: code-projects Simple Pizza Ordering System version 1.0 Description: A critical issue has been found in the Simple Pizza Ordering System, affecting some unknown processing of the file /editpro.php. The manipulation of the `ID` argument leads to SQL injection. The attack may be initiated remotely. Recommendations: For code-projects Simple Pizza Ordering System version 1.0, consider restricting access to the /editpro.php file until a patch is available. As a temporary workaround, avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Simple Pizza Ordering System version 1.0 Description: A critical issue was found in the Simple Pizza Ordering System. The problem is related to the manipulation of the `ingname` argument, which leads to SQL injection. This issue can be exploited remotely, affecting an unknown function of the file /adding-exec.php. Recommendations: For code-projects Simple Pizza Ordering System version 1.0, consider restricting access to the /adding-exec.php file until a patch is available. As a temporary workaround, avoid using the `ingname` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: code-projects Simple Pizza Ordering System version 1.0 Description: A critical issue has been found in the Simple Pizza Ordering System. The problem affects an unknown functionality of the file /adduser-exec.php. The manipulation of the `Username` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For version 1.0, consider restricting access to the /adduser-exec.php file until a patch is available. As a temporary workaround, avoid using the `Username` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.