W2-L0Mechan1C

Name of the Vulnerable Software and Affected Versions: code-projects Library System version 1.0 Description: A critical vulnerability has been found in the code-projects Library System, affecting unknown code of the file /add-book.php. The manipulation of the `image` argument leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the file upload functionality in the /add-book.php file until a patch is available. Restrict access to the /add-book.php file to minimize the risk of exploitation. Avoid using the `image` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0 Description: A critical issue affects the processing of the file /details.php in code-projects Online Bidding System. The manipulation of the `ID` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider restricting access to the /details.php file until a patch is available. Avoid using the `ID` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0 Description: A critical vulnerability has been found in the code-projects Online Bidding System. The issue is related to an unknown function of the file /bidlog.php, where the manipulation of the `ID` argument leads to SQL injection. This allows for remote attacks. Recommendations: For code-projects Online Bidding System version 1.0, as a temporary workaround, consider restricting access to the /bidlog.php file until a patch is available. Additionally, avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.