Wenzhuolin

Name of the Vulnerable Software and Affected Versions itsourcecode Online Cellphone System version 1.0 Description A flaw exists in itsourcecode Online Cellphone System 1.0 within the Parameter Handler component, specifically in the file `/cp/available.php`. Manipulation of the `Name` argument can lead to SQL injection. This attack can be initiated remotely and an exploit is publicly available. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Concert Ticket Reservation System version 1.0 Description A security flaw exists in code-projects Concert Ticket Reservation System 1.0. The issue is related to an unknown functionality within the `/ConcertTicketReservationSystem-master/process search.php` file of the Parameter Handler component. Manipulation of the `searching` argument results in SQL injection. The attack can be initiated remotely, and the exploit has been publicly released. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions code-projects Concert Ticket Reservation System version 1.0 Description A weakness exists in the code-projects Concert Ticket Reservation System 1.0. The issue affects an unknown part of the file `/ConcertTicketReservationSystem-master/login.php` within the Parameter Handler component. Manipulation of the `Email` argument can lead to SQL injection. The attack can be launched remotely, and the exploit has been made publicly available. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/ConcertTicketReservationSystem-master/login.php` file.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Directory Management System version 1.0 **Description** A flaw exists in itsourcecode Directory Management System that allows for remote code execution. The issue is located within the `/admin/forget-password.php` file. Specifically, manipulating the `email` parameter leads to a SQL injection. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode News Portal Project version 1.0 **Description** A flaw exists in itsourcecode News Portal Project 1.0 that allows for SQL injection. This issue is located in the `/admin/aboutus.php` file, specifically through manipulation of the `pagetitle` argument. The attack can be initiated remotely and has been publicly disclosed. **Recommendations** Apply input validation and sanitization to the `pagetitle` argument in the `/admin/aboutus.php` file.