Schneidergrace

**Name of the Vulnerable Software and Affected Versions** CodeAstro Leave Management System version 1.0 **Description** A remote SQL injection is possible via the `Name` argument in the '/admin/search staff to assign pc.php' endpoint. SQL injection is a type of flaw that allows an attacker to interfere with the queries that an application makes to its database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Leave Management System version 1.0 **Description** A remote SQL injection exists in the `/admin/search staff for updation.php` endpoint. The issue occurs when the `Name` argument is manipulated, allowing an attacker to execute arbitrary SQL commands. **Recommendations** Update CodeAstro Leave Management System to a version newer than 1.0. As a temporary workaround, restrict access to the `/admin/search staff for updation.php` file or avoid using the `Name` parameter until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Leave Management System version 1.0 **Description** A security flaw allows remote attackers to perform SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. This issue occurs in the '/admin/add leave.php' endpoint through the manipulation of the `type of leave` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Payroll System version 1.0 **Description** A remote SQL injection is possible due to the manipulation of the `ID` argument within the '/view account.php' endpoint. SQL injection is a technique where an attacker inserts malicious SQL code into a query, allowing them to interfere with the application's database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Student Attendance Management System version 1.0 **Description** A remote SQL injection exists in the `/attendance-php/index.php` file. The issue occurs when the `Username` argument is manipulated, allowing an attacker to interfere with the database queries. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Student Attendance Management System version 1.0 **Description** SQL injection can be triggered remotely via the manipulation of the `className` argument within the '/attendance-php/Admin/createClass.php' endpoint. SQL injection is a type of flaw that allows an attacker to interfere with the queries that an application makes to its database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Student Attendance Management System version 1.0 **Description** SQL injection is possible via remote attack due to the manipulation of the `ID` argument in the '/attendance-php/Admin/createClass.php?action=edit' endpoint. This issue affects an unknown function within the specified file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Student Attendance Management System version 1.0 **Description** A SQL injection issue exists in the file '/attendance-php/Admin/createClassArms.php'. This occurs when the `classId` argument is manipulated, allowing a remote attacker to execute unauthorized database queries. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.