Sh3Rl0Ckpgp

**Name of the Vulnerable Software and Affected Versions** code-projects Online Shop Store version 1.0 **Description** A problematic issue has been found in the code-projects Online Shop Store, affecting an unknown part of the file /signup.php. The manipulation of the argument `m2` with the input `<svg onload=alert(document.cookie)>` leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For code-projects Online Shop Store version 1.0, as a temporary workaround, consider restricting access to the `/signup.php` file or disabling the manipulation of the `m2` argument until a patch is available. Avoid using the `m2` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Inventory Management version 1.0 **Description** A critical issue has been identified, affecting the /model/editProduct.php file. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For code-projects Inventory Management version 1.0, consider restricting access to the /model/editProduct.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best Employee Management System version 1.0 **Description** A critical issue was found in the system, affecting an unknown part of the file /admin/edit role.php. The manipulation of the `id` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For version 1.0, update to the latest release immediately to mitigate risks. As a temporary workaround, consider restricting access to the /admin/edit role.php file until a patch is available. Avoid using the `id` argument in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best Employee Management System version 1.0 **Description** A critical issue has been found in the SourceCodester Best Employee Management System, affecting the file /admin/profile.php. The manipulation of the `website image` argument leads to unrestricted upload. This issue can be initiated remotely. **Recommendations** For version 1.0, update to the latest release immediately to mitigate risks. As a temporary workaround, consider restricting access to the /admin/profile.php file until a patch is available. Avoid using the `website image` argument in the affected file until the issue is resolved.