Xcode0X

Name of the Vulnerable Software and Affected Versions: Mayuri K Employee Management System versions up to 192.168.70.3 Description: A critical issue affects some unknown functionality of the file /hr soft/admin/Update User.php. The manipulation of the `id` argument leads to SQL injection. The attack may be launched remotely. Recommendations: For Mayuri K Employee Management System versions up to 192.168.70.3, as a temporary workaround, consider restricting access to the /hr soft/admin/Update User.php file until a patch is available. Avoid using the `id` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Contact Manager with Export to VCF version 1.0 Description: A critical issue has been found in the SourceCodester Contact Manager with Export to VCF. The problem affects the /endpoint/delete-contact.php file, where the manipulation of the `contact` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For SourceCodester Contact Manager with Export to VCF version 1.0, consider disabling the /endpoint/delete-contact.php endpoint until a patch is available to prevent SQL injection attacks. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `contact` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: SourceCodester Image Compressor Tool version 1.0 Description: A problem has been found in the processing of the file /image-compressor/compressor.php, which can lead to cross site scripting when the `image` argument is manipulated. The attack can be initiated remotely. Recommendations: For version 1.0, as a temporary workaround, consider restricting access to the /image-compressor/compressor.php file until a patch is available. Avoid using the `image` argument in the affected processing until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Expense Tracker App version 1 **Description** A problematic issue has been found in the file add category.php of the component Category Handler. The manipulation of the `category name` argument leads to cross site scripting. The attack may be launched remotely. **Recommendations** For version 1, as a temporary workaround, consider restricting the use of the `category name` argument in the add category.php file until a patch is available. Avoid using the `category name` argument in the affected Category Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Toll Tax Management System version v1 **Description** The issue is related to SQL Injection, where an attacker can inject malicious SQL code to manipulate the database. This can lead to unauthorized access to sensitive data. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** As a temporary workaround, consider restricting access to sensitive database queries until a patch is available. Update to a version that includes a fix for the SQL Injection issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Expense Tracker App version 1 **Description** The issue is related to Cross Site Scripting (XSS) via the `add category` feature. This means an attacker could potentially inject malicious scripts into the application, affecting users who interact with the compromised category. **Recommendations** For Sourcecodester Expense Tracker App version 1, as a temporary workaround, consider disabling the `add category` feature until a patch is available. Restrict access to this feature to minimize the risk of exploitation. Avoid using the `add category` functionality in the affected application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.