Thirtypenny77

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Basic Library System version 1.0 **Description** An issue exists where the application is susceptible to SQL Injection, a technique that allows an attacker to interfere with the queries that an application makes to its database. This occurs in the endpoint '/librarysystem/load admin.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Personnel Property Equipment System version 1.0 **Description** The software is susceptible to SQL Injection in the `/ppes/admin/myitem reuse.php` file. The vulnerability allows for potential unauthorized access to or modification of the database. The vulnerable parameter is not specified. The `myitem reuse.php` file processes requests without sufficient sanitization of input data, potentially allowing an attacker to inject malicious SQL code. **Recommendations** Apply input validation and parameterized queries to the `/ppes/admin/myitem reuse.php` file to prevent SQL Injection.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Pharmacy Point of Sale System version 1.0 **Description** The sourcecodester Pharmacy Point of Sale System version 1.0 is susceptible to SQL Injection through the `/pharmacy/manage user.php` file. The `manage user.php` script does not properly sanitize user-supplied input, allowing an attacker to inject malicious SQL code. The vulnerable parameter is not specified. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/pharmacy/manage user.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Pharmacy Point of Sale System version 1.0 **Description** The software is susceptible to SQL Injection through the `/pharmacy/view supplier.php` endpoint. The `view supplier.php` file is vulnerable to this issue. The vulnerability allows for potential unauthorized access or manipulation of data within the system. **Recommendations** Apply updates or patches to address the SQL Injection issue in the `/pharmacy/view supplier.php` file.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Pharmacy Point of Sale System version 1.0 **Description** The sourcecodester Pharmacy Point of Sale System version 1.0 is susceptible to SQL Injection. The issue affects the `/pharmacy/view category.php` endpoint. The `view category.php` script does not properly sanitize user-supplied input, allowing attackers to inject malicious SQL code. The vulnerable parameter is not explicitly identified. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/pharmacy/view category.php` endpoint.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Pharmacy Point of Sale System version 1.0 **Description** The sourcecodester Pharmacy Point of Sale System version 1.0 is susceptible to SQL Injection through the `/pharmacy/view product.php` endpoint. The vulnerability exists due to insufficient input validation, potentially allowing an attacker to manipulate database queries. The vulnerable parameter is not specified. **Recommendations** Apply updates to address the SQL Injection issue in the `/pharmacy/view product.php` endpoint.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Pharmacy Point of Sale System version 1.0 **Description** The software is susceptible to a SQL Injection issue. This flaw is located in the `/pharmacy/view receipt.php` component. The vulnerability allows for potential unauthorized access to or modification of data within the system. The vulnerable parameter is not specified. **Recommendations** Apply updates to address the SQL Injection issue in the `/pharmacy/view receipt.php` component.

**Name of the Vulnerable Software and Affected Versions** Simple Gym Management System version 1.0 **Description** The Simple Gym Management System version 1.0 is susceptible to SQL Injection. This issue affects the `/gym/trainer search.php` endpoint. The `trainer search.php` script is vulnerable due to insufficient input validation, potentially allowing an attacker to manipulate database queries through the injection of malicious SQL code. The vulnerable parameter is not specified. **Recommendations** Apply input validation and sanitization techniques to all user-supplied data used in SQL queries within the `/gym/trainer search.php` script.

**Name of the Vulnerable Software and Affected Versions** code-projects Simple Food Order System version 1.0 **Description** The Simple Food Order System version 1.0 is susceptible to SQL Injection. This issue affects the `/food/routers/edit-orders.php` endpoint. The `edit-orders.php` file is vulnerable, potentially allowing attackers to manipulate database queries. The vulnerable parameter is not specified. **Recommendations** Apply appropriate input validation and sanitization techniques to prevent SQL Injection attacks in the `/food/routers/edit-orders.php` endpoint.

**Name of the Vulnerable Software and Affected Versions** Simple Food Order System version 1.0 **Description** The Simple Food Order System version 1.0 is susceptible to SQL Injection. This issue affects the `/food/view-ticket.php` endpoint. The `ticket id` parameter within this endpoint is likely vulnerable. Successful exploitation could allow an attacker to manipulate database queries, potentially leading to unauthorized access, data modification, or disclosure. **Recommendations** Apply input validation and sanitization to the `ticket id` parameter in the `/food/view-ticket.php` endpoint to prevent the injection of malicious SQL code.

**Name of the Vulnerable Software and Affected Versions** code-projects Simple Food Order System version 1.0 **Description** The Simple Food Order System version 1.0 contains a SQL Injection flaw in the `/food/view-ticket-admin.php` file. The issue allows for potential unauthorized database access or modification through manipulation of SQL queries. The vulnerable parameter is not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Food Order System version 1.0 **Description** The Simple Food Order System version 1.0 is susceptible to SQL Injection. The issue is located in the '/food/routers/cancel-order.php' component. The vulnerability allows for potential unauthorized access to the database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Student Alumni System version 1.0 **Description** SQL Injection exists in the '/TracerStudy/modal edit.php' endpoint. SQL Injection is a type of flaw that allows an attacker to interfere with the queries that an application makes to its database. **Recommendations** As a temporary workaround, restrict access to the '/TracerStudy/modal edit.php' endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Student Alumni System version 1.0 **Description** The Simple Student Alumni System is susceptible to a SQL Injection issue. This flaw is located in the `/TracerStudy/modal view.php` file. The vulnerability allows for potential unauthorized access or manipulation of data through crafted SQL queries. The vulnerable parameter is not specified. **Recommendations** Apply appropriate input validation and sanitization techniques to the `modal view.php` file to prevent the injection of malicious SQL code.

**Name of the Vulnerable Software and Affected Versions** code-projects Simple Student Alumni System version 1.0 **Description** The Simple Student Alumni System is susceptible to SQL Injection in the `/TracerStudy/recordstudent edit.php` file. The vulnerability exists due to insufficient input validation, potentially allowing an attacker to manipulate database queries. The vulnerable parameter is not specified. **Recommendations** Apply input validation and sanitization to all user-supplied data used in database queries within the `/TracerStudy/recordstudent edit.php` file.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Personnel Property Equipment System version 1.0 **Description** The software is susceptible to a SQL Injection issue. The vulnerability exists in the `/ppes/admin/advance search.php` file. The vulnerable parameter is not specified. **Recommendations** Apply a fix to the `/ppes/admin/advance search.php` file to address the SQL Injection issue.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Personnel Property Equipment System version 1.0 **Description** The software contains a flaw that allows for arbitrary code execution. This issue is present in the 'ip/ppes/admin/admin change picture.php' component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** idccms version 1.35 **Description** The issue is a Cross-Site Request Forgery (CSRF) that affects the component `/admin/ipRecord deal.php` with parameters `mudi=del`, `dataType=`, and `dataID=1`. This allows for unauthorized actions to be performed. **Recommendations** For idccms version 1.35, as a temporary workaround, consider restricting access to the `/admin/ipRecord deal.php` component until a patch is available. Avoid using the parameters `mudi`, `dataType`, and `dataID` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** idccms version 1.35 **Description** A Cross-Site Request Forgery (CSRF) issue was discovered in the component "/admin/userSys deal.php?mudi=infoSet". This allows for potential unauthorized actions on the affected system. **Recommendations** For idccms version 1.35, as a temporary workaround, consider restricting access to the "/admin/userSys deal.php" endpoint until a patch is available. Avoid using the `mudi` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** idccms version 1.35 **Description** A Cross-Site Request Forgery (CSRF) issue was discovered in the component /admin/info deal.php?mudi=del&dataType=news&dataTypeCN. This issue allows for unauthorized requests to be made. The `mudi`, `dataType`, and `dataTypeCN` variables are involved in the vulnerability. **Recommendations** For idccms version 1.35, as a temporary workaround, consider disabling access to the /admin/info deal.php component until a patch is available. Restrict access to the `mudi`, `dataType`, and `dataTypeCN` variables in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.