Shininadd

**Name of the Vulnerable Software and Affected Versions** SourceCodester Patient Appointment Scheduler System version 1.0 **Description** SQL Injection is possible in the file '/scheduler/admin/appointments/manage appointment.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Storage Unit Rental Management System version 1.0 **Description** SQL Injection is possible in the file '/storage/admin/maintenance/manage storage unit.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Employees Work From Home Attendance System version 1.0 **Description** SQL Injection is possible in the file '/wfh attendance/admin/view employee.php'. **Recommendations** As a temporary workaround, restrict access to the file '/wfh attendance/admin/view employee.php' to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Employees Work From Home Attendance System version 1.0 **Description** SQL Injection is possible in the file '/wfh attendance/admin/manage employee.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Employees Work From Home Attendance System version 1.0 **Description** SQL Injection is possible in the file '/wfh attendance/admin/manage department.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Employees Work From Home Attendance System version 1.0 **Description** SQL Injection is possible in the file '/wfh attendance/admin/attendance list.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Patient Appointment Scheduler System version 1.0 **Description** Remote code execution is possible through the endpoint '/scheduler/classes/SystemSettings.php' using the `f` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Online Men's Salon Management System version 1.0 Sourcecodester Simple Online Men's Salon Management System version 1.0 **Description** The software is susceptible to SQL Injection. This issue affects the `/msms/admin/appointments/view appointment.php` endpoint. The vulnerability exists due to insufficient input validation, potentially allowing an attacker to manipulate database queries. The vulnerable parameter is not specified. **Recommendations** Apply input validation and sanitization to all user-supplied data used in database queries related to the `/msms/admin/appointments/view appointment.php` endpoint.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Online Men's Salon Management System version 1.0 Sourcecodester Simple Online Men's Salon Management System version 1.0 **Description** The software is susceptible to SQL Injection. This issue affects the `/classes/Master.php?f=delete service` endpoint. The `f` parameter in the API endpoint is vulnerable. Successful exploitation could allow an attacker to manipulate database queries. **Recommendations** Apply appropriate input validation and sanitization techniques to the `f` parameter in the `/classes/Master.php?f=delete service` endpoint.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Simple Online Men's Salon Management System version 1.0 **Description** The software is susceptible to SQL Injection through the `/admin/services/manage service.php` endpoint. The `manage service.php` file is vulnerable. The vulnerability allows for potential unauthorized access to the database. The vulnerable parameter is not specified. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/admin/services/manage service.php` endpoint.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Pharmacy Point of Sale System version 1.0 **Description** The Sourcecodester Pharmacy Point of Sale System version 1.0 is susceptible to SQL Injection. This issue is present in the `/pharmacy/manage supplier.php` file. The vulnerability allows for potential unauthorized access to the database. The vulnerable parameter is not specified. **Recommendations** Apply any available updates or patches for the Sourcecodester Pharmacy Point of Sale System version 1.0. As a temporary workaround, restrict access to the `/pharmacy/manage supplier.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Pharmacy Point of Sale System version 1.0 **Description** The software is susceptible to SQL Injection. The issue is located in the `/pharmacy/manage category.php` file. The `manage category.php` script does not properly sanitize user-supplied input, allowing attackers to inject malicious SQL code. This could potentially allow an attacker to bypass security checks and gain unauthorized access to the database. The vulnerable parameter is not specified. **Recommendations** Apply proper input validation and sanitization techniques to all user-supplied data used in SQL queries within the `/pharmacy/manage category.php` file.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Online Men's Salon Management System version 1.0 Sourcecodester Simple Online Men's Salon Management System version 1.0 **Description** The software is susceptible to SQL Injection. This issue affects the `/msms/classes/Master.php?f=delete appointment` endpoint. The `f` parameter is vulnerable. Successful exploitation could allow an attacker to manipulate database queries, potentially leading to unauthorized access, data modification, or data deletion. **Recommendations** Apply input validation and sanitization to the `f` parameter in the `/msms/classes/Master.php` file.