Underatted

**Name of the Vulnerable Software and Affected Versions** Simple Food Ordering System version 1.0 **Description** A weakness exists in the processing of the `/addcategory.php` file. Manipulation of the `cname` argument can lead to cross site scripting. The attack can be initiated remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Simple Food Ordering System version 1.0 **Description** A security issue exists in code-projects Simple Food Ordering System 1.0. The issue is related to cross site scripting, which can be triggered by manipulating the `pname` argument within the file '/editcategory.php'. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** For code-projects Simple Food Ordering System version 1.0, sanitize the `pname` input to prevent the injection of malicious scripts. As a temporary workaround, restrict access to the '/editcategory.php' file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** code-projects Simple Food Ordering System version 1.0 **Description** A security flaw exists in code-projects Simple Food Ordering System 1.0. The issue affects unknown code within the `/addproduct.php` file. Manipulation of the `pname`/`category`/`price` arguments can lead to cross site scripting. The attack can be launched remotely, and an exploit is publicly available. **Recommendations** code-projects Simple Food Ordering System version 1.0: Sanitize the `pname`, `category`, and `price` parameters in the `/addproduct.php` file to prevent cross site scripting.

**Name of the Vulnerable Software and Affected Versions** Simple Food Ordering System version 1.0 **Description** A security issue exists in Simple Food Ordering System 1.0 where manipulation of the `pname`/`category`/`price` argument in the `/editproduct.php` file can lead to cross site scripting. This issue can be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Food Ordering System version 1.0 **Description** A security issue exists that allows for unrestricted file upload. This occurs due to manipulation of the `photo` argument within an unknown function of the `/editproduct.php` file. The attack can be initiated remotely, and the exploit has been publicly disclosed. **Recommendations** Apply any available updates to address the unrestricted upload issue in the `/editproduct.php` file. As a temporary workaround, restrict access to the `/editproduct.php` file to minimize the risk of exploitation. Avoid uploading untrusted files through the `photo` parameter.

**Name of the Vulnerable Software and Affected Versions** code-projects Voting System version 1.0 **Description** A cross site scripting issue exists due to the manipulation of the `Firstname`, `Lastname`, and `Platform` arguments in the file '/admin/voters add.php'. The attack can be executed remotely. The exploit has been made public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Voting System version 1.0 **Description** A flaw exists in code-projects Voting System 1.0, specifically within an unknown function of the `/admin/candidates edit.php` file. Manipulation of the `Firstname`, `Lastname`, and `Platform` arguments can lead to cross site scripting. Remote exploitation is possible, and an exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Voting System version 1.0 **Description** A security issue exists in code-projects Voting System 1.0. Manipulation of the `photo` argument in the file '/admin/voters add.php' allows for unrestricted file upload. This can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Small CRM version 4.0 **Description** A flaw exists in PHPGurukul Small CRM 4.0 related to the processing of the `email` argument within a file, specifically /forgot-password.php. Manipulation of this argument can result in a SQL injection. The issue is exploitable remotely. The exploit code has been publicly released. The vulnerable component is an unknown function within the affected file. **Recommendations** Apply a fix for PHPGurukul Small CRM version 4.0 to address the SQL injection issue in the /forgot-password.php file.

**Name of the Vulnerable Software and Affected Versions** Projectworlds Online Shopping System version 1.0 **Description** A flaw exists in Projectworlds Online Shopping System that allows for SQL injection. This issue affects an unknown part of the `/store/cart add.php` file. Manipulation of the `ID` argument can lead to exploitation. The issue is potentially exploitable from a remote location and an exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pet Grooming Management Software version 1.0 **Description** A SQL injection issue exists in SourceCodester Pet Grooming Management Software version 1.0. The issue is located in the file `/admin/print inv.php`. Manipulation of the `ID` parameter can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.