Weqi

**Name of the Vulnerable Software and Affected Versions** SourceCodester Malawi Online Market version 1.0 **Description** A flaw exists in SourceCodester Malawi Online Market 1.0 that allows for SQL injection. The issue is located in the `/display.php` file, specifically through manipulation of the `ID` argument. This attack can be launched remotely. An exploit for this issue has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Food Ordering System version 1.0 **Description** A SQL injection issue exists in the SourceCodester Food Ordering System. The issue is located in the Parameter Handler component, specifically within the /purchase.php file. Manipulation of the `custom` argument can lead to SQL injection. The attack can be initiated remotely, and details of the exploit have been publicly disclosed. **Recommendations** Apply a fix to the vulnerable parameter `custom` in the /purchase.php file.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Library Management System version 1.0 **Description** A SQL injection issue exists in SourceCodester Online Library Management System version 1.0. Manipulating the `searchField` argument in a function within the /home.php file of the Parameter Handler component allows for remote exploitation. The exploit is publicly available. **Recommendations** Apply any available updates or patches for SourceCodester Online Library Management System version 1.0. As a temporary workaround, sanitize or validate the `searchField` input to prevent SQL injection attacks. Restrict access to the /home.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Admission System version 1.0 **Description** A flaw exists in SourceCodester Online Admission System 1.0. The issue affects an unknown function within the `/programmes.php` file. Manipulating the `program` argument can lead to SQL injection. The attack can be launched remotely. An exploit for this issue has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester E-Commerce Site version 1.0 **Description** A flaw exists in SourceCodester E-Commerce Site 1.0 where manipulation of the `Search` argument in the `/products.php` file leads to SQL injection. This issue can be exploited remotely. The exploit for this issue is publicly available. **Recommendations** Apply any available updates or patches for SourceCodester E-Commerce Site version 1.0. As a temporary workaround, consider sanitizing the `Search` parameter to prevent SQL injection attacks. Restrict access to the `/products.php` file if possible.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Catering Reservation version 1.0 **Description** A flaw exists in SourceCodester Online Catering Reservation 1.0 that allows for SQL injection. The issue is located in an unknown function within the `/search.php` file. Manipulating the `rcode` argument can lead to successful exploitation. This attack can be carried out remotely. An exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Eye Clinic Management System version 1.0 **Description** A security issue exists in SourceCodester Eye Clinic Management System 1.0. The vulnerability is due to SQL injection in an unknown functionality within the `/main/search index Diagnosis.php` file. Manipulation of the `Search` argument can lead to exploitation, and the exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Codezips College Management System version 1.0 **Description** A critical issue has been found in the Codezips College Management System, affecting some unknown functionality of the file /university.php. The manipulation of the `book name` argument leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Codezips College Management System version 1.0, consider disabling the functionality related to the /university.php file until a patch is available. As a temporary workaround, restrict access to the `book name` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.