Tuba Kavgacı

**Name of the Vulnerable Software and Affected Versions** Code-projects Hotel Managment System version 1.0 **Description** The issue allows SQL Injection via the `pid` parameter in the "Hotel/admin/print.php" endpoint. This could potentially lead to unauthorized access to sensitive data. **Recommendations** For Code-projects Hotel Managment System version 1.0, consider restricting access to the "Hotel/admin/print.php" endpoint until a patch is available. As a temporary workaround, avoid using the `pid` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Event Student Attendance System version 1.0 **Description** The issue allows SQL Injection via the `student` parameter. This could potentially lead to unauthorized access or manipulation of database content. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For Sourcecodester Event Student Attendance System version 1.0, as a temporary workaround, consider restricting access to the `student` parameter in the affected API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-projects Simple School Managment System version 1.0 **Description** The issue allows SQL Injection via the `apass` parameter at the "School/index.php" endpoint. This could potentially lead to unauthorized access to sensitive data. **Recommendations** For Code-projects Simple School Managment System version 1.0, as a temporary workaround, consider restricting access to the "School/index.php" endpoint until a patch is available. Avoid using the `apass` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-projects Simple School Managment System version 1.0 **Description** The issue allows Authentication Bypass via the `username` and `password` parameters at the "School/index.php" endpoint. **Recommendations** For Code-projects Simple School Managment System version 1.0, as a temporary workaround, consider restricting access to the "School/index.php" endpoint until a patch is available. Avoid using the `username` and `password` parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-projects Simple School Managment System version 1.0 **Description** The issue allows SQL Injection via the `aname` parameter at the "School/index.php" endpoint. This could potentially lead to unauthorized access to sensitive data. **Recommendations** For Code-projects Simple School Managment System version 1.0, consider restricting access to the "School/index.php" endpoint until a patch is available. As a temporary workaround, avoid using the `aname` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Code-projects Cinema Seat Reservation System version 1.0 **Description** The issue allows SQL Injection via the `id` parameter at "/Cinema-Reservation/booking.php?id=1". This means an attacker could potentially inject malicious SQL code by manipulating the `id` variable in the specified API endpoint. **Recommendations** For Code-projects Cinema Seat Reservation System version 1.0, as a temporary workaround, consider restricting access to the "/Cinema-Reservation/booking.php" endpoint until a patch is available. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-projects Simple School Managment System version 1.0 **Description** The issue allows SQL Injection via the `name` parameter at the "School/teacher login.php" endpoint. This could potentially lead to unauthorized access to sensitive data. **Recommendations** For Code-projects Simple School Managment System version 1.0, consider restricting access to the "School/teacher login.php" endpoint until a patch is available. As a temporary workaround, avoid using the `name` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Code-projects Simple School Managment System version 1.0 **Description** The issue allows SQL Injection via the `pass` parameter at the "School/teacher login.php" endpoint. This could potentially lead to unauthorized access to sensitive data. **Recommendations** For Code-projects Simple School Managment System version 1.0, as a temporary workaround, consider restricting access to the "School/teacher login.php" endpoint or disabling the use of the `pass` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Code-projects Simple School Managment System version 1.0 **Description** The issue allows SQL Injection via the `id` parameter at the "School/delete.php?id=5" endpoint. This means an attacker could potentially inject malicious SQL code by manipulating the `id` variable in the request to the specified endpoint. **Recommendations** For Code-projects Simple School Managment System version 1.0, as a temporary workaround, consider restricting access to the "School/delete.php" endpoint until a patch is available. Avoid using the `id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Code-projects Simple School Managment System version 1.0 **Description** The issue allows SQL Injection via the `id` parameter at the "School/sub delete.php?id=5" endpoint. This could potentially lead to unauthorized access or manipulation of database content. **Recommendations** For Code-projects Simple School Managment System version 1.0, consider disabling access to the "School/sub delete.php" endpoint until a patch is available. As a temporary workaround, restrict the use of the `id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Code-projects Simple School Managment System version 1.0 **Description** The issue allows authentication bypass via the `username` and `password` parameters at the "School/teacher login.php" endpoint. **Recommendations** For Code-projects Simple School Managment System version 1.0, consider temporarily restricting access to the "School/teacher login.php" endpoint until a patch is available. As a mitigation measure, avoid using the `username` and `password` parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-projects Hotel Managment System version 1.0 **Description** The issue allows SQL Injection via the `sid` parameter in the "Hotel/admin/show.php?sid=2" endpoint. This means an attacker could potentially inject malicious SQL code by manipulating the `sid` variable. **Recommendations** For Code-projects Hotel Managment System version 1.0, as a temporary workaround, consider restricting access to the "Hotel/admin/show.php" endpoint or validating and sanitizing the `sid` parameter to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-projects Hotel Managment System version 1.0 **Description** The issue allows SQL Injection via the `rid` parameter in the "Hotel/admin/roombook.php" endpoint. This could potentially be exploited by manipulating the `rid` parameter to inject malicious SQL code. **Recommendations** For Code-projects Hotel Managment System version 1.0, consider restricting access to the "Hotel/admin/roombook.php" endpoint until a patch is available. As a temporary workaround, avoid using the `rid` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-projects Hotel Managment System version 1.0 **Description** The issue allows SQL Injection via the `eid` parameter in the "Hotel/admin/usersettingdel.php?eid=2" endpoint. This means an attacker could potentially inject malicious SQL code by manipulating the `eid` variable. **Recommendations** For Code-projects Hotel Managment System version 1.0, as a temporary workaround, consider restricting access to the "Hotel/admin/usersettingdel.php" endpoint until a patch is available. Avoid using the `eid` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Travel Journal Using PHP and MySQL with Source Code version 1.0 **Description** A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `location` parameter at "/travel-journal/write-journal.php". **Recommendations** For version 1.0, consider disabling access to the "/travel-journal/write-journal.php" endpoint until a patch is available. Restrict input to the `location` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.