Secloverwang

**Name of the Vulnerable Software and Affected Versions** Code-Projects Online Class and Exam Scheduling System version 1.0 **Description** A vulnerability was found in the file /Scheduling/pages/class save.php, where manipulation of the `class` parameter can lead to SQL injection attacks. **Recommendations** For Code-Projects Online Class and Exam Scheduling System version 1.0, consider restricting access to the /Scheduling/pages/class save.php file until a patch is available, and avoid using the `class` parameter in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Class and Exam Scheduling System version 1.0 **Description** A vulnerability was found in the code-projects Online Class and Exam Scheduling System. The issue is related to the `/Scheduling/pages/profile update.php` endpoint, where manipulating the `username` parameter can cause SQL injection attacks. **Recommendations** For code-projects Online Class and Exam Scheduling System version 1.0, avoid using the `username` parameter in the `/Scheduling/pages/profile update.php` endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Online Class and Exam Scheduling System version 1.0 **Description** A vulnerability has been discovered in the code, affecting some unknown features in the file /Scheduling/pages/class sched.php. Manipulating the `class` parameter can lead to cross-site scripting (XSS). **Recommendations** For Online Class and Exam Scheduling System version 1.0, consider restricting access to the /Scheduling/pages/class sched.php file until a patch is available. As a temporary workaround, avoid using the `class` parameter in the affected endpoint to minimize the risk of exploitation.