Tehs

**Name of the Vulnerable Software and Affected Versions** itsourcecode Society Management System version 1.0 **Description** A cross site scripting issue exists in itsourcecode Society Management System 1.0. The issue is related to the manipulation of the `detail` argument in the file '/admin/expenses.php'. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** Address the manipulation of the `detail` argument in the '/admin/expenses.php' file.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Society Management System version 1.0 **Description** A security flaw exists in itsourcecode Society Management System 1.0. The manipulation of the `Title` argument in the file '/admin/activity.php' can lead to cross site scripting. This attack can be launched remotely. The exploit has been publicly released. **Recommendations** Apply any available updates or patches for itsourcecode Society Management System version 1.0. As a temporary workaround, consider restricting access to the file '/admin/activity.php'. Sanitize the `Title` argument to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Food Ordering System version 1.0 **Description** A critical issue was found in the Campcodes Online Food Ordering System, affecting some unknown functionality of the file /routers/menu-router.php. The manipulation of the argument `1 price` leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the functionality related to the `1 price` argument in the /routers/menu-router.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Food Ordering System version 1.0 **Description** A critical issue has been discovered, affecting an unknown part of the file /routers/add-item.php. The manipulation of the `price` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** For Campcodes Online Food Ordering System version 1.0, consider restricting access to the /routers/add-item.php file until a patch is available. As a temporary workaround, avoid using the `price` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Gym Management System version 1.0 **Description** A critical issue was found in the itsourcecode Gym Management System, affecting some unknown functionality of the file "/ajax.php?action=save schedule". The manipulation of the `member id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For itsourcecode Gym Management System version 1.0, consider restricting access to the "/ajax.php?action=save schedule" endpoint until a patch is available. As a temporary workaround, avoid using the `member id` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Gym Management System version 1.0 **Description** A critical issue has been found in the itsourcecode Gym Management System. The problem affects the /ajax.php?action=save payment API endpoint, where the manipulation of the `registration id` argument can lead to SQL injection. This issue can be exploited remotely. **Recommendations** For itsourcecode Gym Management System version 1.0, consider restricting access to the /ajax.php?action=save payment API endpoint until a fix is available. As a temporary workaround, avoid using the `registration id` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.