Wangjiawei

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Portfolio Management System MCA version 1.0 **Description** A critical vulnerability was found in the 1000 Projects Portfolio Management System MCA. The issue affects an unknown function of the file /update ach details.php. Manipulation of the `q` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the unknown function of the file /update ach details.php until a patch is available. Restrict access to the /update ach details.php file to minimize the risk of exploitation. Avoid using the `q` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Portfolio Management System MCA version 1.0 **Description** A critical issue has been identified, allowing for SQL injection through the manipulation of the `username` and `password` arguments in an unknown function of the file `/admin/admin login.php`. This can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** For 1000 Projects Portfolio Management System MCA version 1.0, consider disabling the affected function in `/admin/admin login.php` to prevent SQL injection attacks until a patch is available. Restrict access to the `/admin/admin login.php` file to minimize the risk of exploitation. Avoid using the `username` and `password` arguments in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Portfolio Management System MCA version 1.0 **Description** A critical vulnerability has been found in the 1000 Projects Portfolio Management System MCA. The issue is related to an unknown function of the file /add personal details.php, where the manipulation of the `profile` argument leads to unrestricted upload. This can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For version 1.0, consider restricting access to the /add personal details.php file until a patch is available. As a temporary workaround, avoid using the `profile` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Portfolio Management System MCA version 1.0 **Description** A critical issue has been found in the 1000 Projects Portfolio Management System MCA, affecting some unknown functionality of the file /update pd process.php. The manipulation of the `profile` argument leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the functionality related to the /update pd process.php file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the `profile` argument in the affected functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Portfolio Management System MCA version 1.0 **Description** A critical vulnerability was found in the 1000 Projects Portfolio Management System MCA. This issue affects an unknown part of the file /update ach.php. The manipulation of the argument `ach certy` leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the upload functionality related to the `ach certy` argument in the /update ach.php file until a patch is available. Restrict access to the /update ach.php file to minimize the risk of exploitation. Avoid using the `ach certy` argument in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Portfolio Management System MCA version 1.0 **Description** A critical issue affects the processing of the file /add achievement details.php, where the manipulation of the argument `ach certy` leads to unrestricted upload. The attack can be initiated remotely. **Recommendations** For version 1.0, consider restricting access to the /add achievement details.php file until a patch is available. As a temporary workaround, avoid using the `ach certy` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Portfolio Management System MCA version 1.0 **Description** A critical vulnerability has been found in the 1000 Projects Portfolio Management System MCA. This issue affects an unknown part of the file /update pro details.php. The manipulation of the argument `q` leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the /update pro details.php file until a patch is available. Avoid using the argument `q` in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Portfolio Management System MCA version 1.0 **Description** A critical vulnerability was found in the 1000 Projects Portfolio Management System MCA. This issue affects the file /update personal details.php and can be exploited through the manipulation of the `q` argument, leading to SQL injection. The attack can be initiated remotely. **Recommendations** For version 1.0, consider disabling access to the /update personal details.php file until a patch is available. As a temporary workaround, restrict the manipulation of the `q` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Portfolio Management System MCA version 1.0 **Description** A critical issue has been found in the 1000 Projects Portfolio Management System MCA, affecting some unknown processing of the file /update edu details.php. The manipulation of the argument `q` leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the /update edu details.php file until a patch is available. Avoid using the argument `q` in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: The issue is related to the update ex detail.php script in the Portfolio Management System, where the `q` parameter is not properly sanitized, leading to a SQL injection vulnerability. This can allow a remote attacker to gain unauthorized access to read, modify, and delete data, as well as execute arbitrary code by sending a specially crafted request. The attack can be initiated remotely. Recommendations: For 1000 Projects Portfolio Management System MCA version 1.0, consider disabling the `update ex detail.php` script or restricting access to it until a patch is available. As a temporary workaround, avoid using the `q` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Codezips Project Management System version 1.0 **Description** A critical vulnerability was found in the Codezips Project Management System. It affects an unknown functionality of the file /pages/forms/advanced.php. The manipulation of the `name` argument leads to SQL injection. The attack can be launched remotely. Other parameters might also be affected. **Recommendations** For Codezips Project Management System version 1.0, as a temporary workaround, consider restricting access to the /pages/forms/advanced.php file until a patch is available. Additionally, avoid using the `name` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.