Webraybtl

Name of the Vulnerable Software and Affected Versions: SourceCodester Best House Rental Management System version 1.0 Description: A vulnerability has been found in the system, classified as problematic, affecting an unknown functionality of the file /ajax.php?action=save category. The manipulation of the `name` argument leads to cross-site scripting. The attack can be launched remotely. This issue poses risks such as data theft and site defacement. Recommendations: For version 1.0, patch the system and validate input on the backend to prevent exploitation. As a temporary workaround, consider restricting access to the /ajax.php?action=save category endpoint until a patch is available. Additionally, avoid using the `name` argument in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best House Rental Management System version 1.0 **Description** A critical vulnerability has been found in the system, affecting some unknown functionality of the file "/ajax.php?action=signup". The manipulation of the arguments `firstname`, `lastname`, and `email` leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Best House Rental Management System version 1.0, consider disabling the `/ajax.php?action=signup` endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the arguments `firstname`, `lastname`, and `email` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Student Management System version 1.0 **Description** A vulnerability has been found in the SourceCodester Online Student Management System, classified as problematic. The issue affects an unknown functionality of the file edit-student-detail.php. The manipulation of the `notmsg` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For SourceCodester Online Student Management System version 1.0, consider disabling the functionality related to the `notmsg` argument in the edit-student-detail.php file until a patch is available. Restrict access to the edit-student-detail.php file to minimize the risk of exploitation. Avoid using the `notmsg` argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BeipyVideoResolution versions up to 2.6 **Description** A problematic vulnerability was found in BeipyVideoResolution, affecting an unknown function of the file admin/admincore.php. The manipulation leads to cross site scripting and can be launched remotely. **Recommendations** For BeipyVideoResolution versions up to 2.6, consider disabling access to the admin/admincore.php file until a patch is available. Restrict access to unknown functions in this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Company Website CMS (affected versions not specified) **Description** A problematic issue has been found in the SourceCodester Company Website CMS, affecting the processing of the file /dashboard/contact. The manipulation of the `phone` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Garage Management System version 1.0 **Description** A critical vulnerability was found in the SourceCodester Garage Management System. This issue affects the file /edituser.php, where the manipulation of the `id` argument with a specific input leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Garage Management System version 1.0, consider disabling the /edituser.php file or restricting access to it until a patch is available. Avoid using the `id` argument in the /edituser.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Garage Management System version 1.0 **Description** A problematic issue was found in the software, affecting an unknown function of the file /php action/createUser.php. The manipulation of the `userName` argument with a specific input leads to cross-site scripting. This can be launched remotely. **Recommendations** For SourceCodester Garage Management System version 1.0, consider restricting the input for the `userName` argument in the /php action/createUser.php file to prevent cross-site scripting attacks. As a temporary workaround, consider validating and sanitizing all user input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Hotel Booking System version 1.0 **Description** A critical issue was found in the Online Hotel Booking System, affecting an unknown functionality of the file edit room cat.php in the Room Handler component. The manipulation of the `roomname` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Online Hotel Booking System version 1.0, consider restricting access to the `edit room cat.php` file until a fix is available, and avoid using the `roomname` argument in the affected component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Online Hotel Booking System version 1.0 **Description** A critical issue has been discovered, affecting an unknown functionality of the file edit all room.php of the component Room Handler. The manipulation of the `id` argument with a specific input leads to sql injection. This issue can be exploited remotely. **Recommendations** For Online Hotel Booking System version 1.0, as a temporary workaround, consider restricting access to the edit all room.php file until a patch is available. Avoid using the `id` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Prison Management System version 1.0 **Description** A critical vulnerability has been found in the SourceCodester Prison Management System. The issue is related to the manipulation of the `id` argument in the `/admin/?page=inmates/view inmate` endpoint of the Inmate Handler component. By providing a specific input, `1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+`, it leads to SQL injection. This vulnerability can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/admin/?page=inmates/view inmate` endpoint to minimize the risk of exploitation. Avoid using the `id` argument in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Prison Management System version 1.0 **Description** A critical issue affects the Visit Handler component, specifically the file /pms/admin/visits/view visit.php. The manipulation of the `id` argument with a malicious input leads to SQL injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Prison Management System version 1.0, consider restricting access to the vulnerable file /pms/admin/visits/view visit.php to minimize the risk of exploitation. Avoid using the `id` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Prison Management System version 1.0 **Description** A problematic issue has been discovered, affecting some unknown functionality of the file "/admin/?page=system info" of the System Name Handler component. The manipulation of the input `<img src="" onerror="alert(1)">` leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For SourceCodester Prison Management System version 1.0, as a temporary workaround, consider restricting access to the "/admin/?page=system info" endpoint until a patch is available. Avoid using the `onerror` attribute in the `img` tag within this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Product Show Room Site version 1.0 **Description** A problematic issue has been identified, affecting the "/admin/?page=system info/contact info" endpoint. The manipulation of the `Telephone` textbox with the input `<script>alert(1)</script>` leads to cross-site scripting. This attack can be initiated remotely but requires authentication. Details about the exploit have been publicly disclosed. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the "/admin/?page=system info/contact info" endpoint until a patch is available. Avoid using the `Telephone` textbox in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Product Show Room Site version 1.0 **Description** A vulnerability was found in the software, declared as problematic. It affects the `p=contact` parameter. The manipulation of the Message textbox with the input `<script>alert(1)</script>` leads to cross-site scripting. The attack can be initiated remotely but requires authentication. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the `p=contact` parameter until a patch is available. Avoid using the Message textbox with unvalidated input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Home Clean Services Management System version 1.0 **Description** A critical vulnerability was found in the Home Clean Services Management System, affecting the file login.php. The manipulation of the `email` argument with a specific input leads to SQL injection. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public. **Recommendations** For Home Clean Services Management System version 1.0, consider disabling the login functionality in the login.php file until a patch is available. Restrict access to the login.php file to minimize the risk of exploitation. Avoid using the `email` argument in the login.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Home Clean Services Management System version 1.0 **Description** A critical issue has been discovered, affecting an unknown part of the admin/login.php component. The manipulation of the `username` argument with a specific input leads to SQL injection. This issue can be exploited remotely, but authentication is required. Exploit details are publicly available. **Recommendations** For Home Clean Services Management System version 1.0, consider temporarily restricting access to the admin/login.php component until a patch is available. Avoid using the `username` argument in the affected login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Home Clean Services Management System version 1.0 **Description** A critical issue has been found in the software. The problem affects the "register.php?link=registerand" endpoint. By manipulating the input with `<?php phpinfo();?>`, an attacker can achieve code execution. This attack can be launched remotely but requires authentication. Details about how to exploit this issue have been made public. **Recommendations** For Home Clean Services Management System version 1.0, consider restricting access to the "register.php?link=registerand" endpoint until a patch is available. As a temporary workaround, avoid using the `<?php phpinfo();?>` input in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Home Clean Services Management System version 1.0 **Description** A problematic issue has been found in the software, affecting the "register.php?link=registerand" endpoint. The manipulation with the input `<script>alert(1)</script>` leads to cross-site scripting. The attack may be initiated remotely but demands authentication. Exploit details have been disclosed to the public. **Recommendations** For Home Clean Services Management System version 1.0, consider disabling the `register.php` endpoint until a patch is available to prevent cross-site scripting attacks. Restrict access to the `register.php?link=registerand` endpoint to minimize the risk of exploitation. Avoid using user-inputted data in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Student Information System version 1.0 **Description** A problematic issue was found in the Student Information System, affecting the "admin/?page=students" endpoint of the Student Roll module. The manipulation with the input `<script>alert(1)</script>` leads to authenticated cross-site scripting. Exploit details have been disclosed to the public. **Recommendations** For Student Information System version 1.0, consider disabling the `admin/?page=students` endpoint of the Student Roll module until a patch is available. Restrict access to this module to minimize the risk of exploitation. Avoid using malicious input in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zoo Management System version 1.0 **Description** A problematic issue has been found in the Zoo Management System, affecting the /zoo/admin/public html/view accounts?type=zookeeper endpoint of the content module. The manipulation of the `admin name` argument with the input `<script>alert(1)</script>` leads to an authenticated cross-site scripting issue. Exploit details have been disclosed to the public. **Recommendations** For Zoo Management System version 1.0, as a temporary workaround, consider restricting access to the `/zoo/admin/public html/view accounts?type=zookeeper` endpoint until a patch is available. Avoid using the `admin name` argument in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.