Xiajian

**Name of the Vulnerable Software and Affected Versions** code-projects Online Ordering System version 1.0 **Description** A critical vulnerability exists in code-projects Online Ordering System. The issue involves SQL injection, specifically through manipulation of the `firstname` argument in the `/signup.php` file. This allows for remote exploitation. The exploit has been publicly disclosed. Other parameters may also be affected. **Recommendations** code-projects Online Ordering System version 1.0: Sanitize the `firstname` parameter to prevent SQL injection attacks. code-projects Online Ordering System version 1.0: Review and sanitize all other input parameters to the `/signup.php` file to identify and address potential SQL injection vulnerabilities.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Ordering System version 1.0 **Description** A critical vulnerability exists in code-projects Online Ordering System 1.0. The vulnerability is due to a SQL injection flaw within an unknown function of the `/admin/delete user.php` file. Manipulation of the `ID` argument allows for remote execution of attacks. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Ordering System version 1.0 **Description** A critical vulnerability exists due to SQL injection. The vulnerability affects an unknown functionality of the file `/admin/user.php`. Manipulation of the `un` argument leads to SQL injection, and the attack can be launched remotely. The exploit has been disclosed to the public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Ordering System version 1.0 **Description** A vulnerability exists in the Online Ordering System related to SQL injection. The issue is located in the `/admin/delete member.php` file. Manipulation of the `ID` argument can lead to SQL injection, allowing for remote attacks. The exploit has been publicly disclosed. **Recommendations** code-projects Online Ordering System version 1.0: Sanitize or validate the `ID` argument in the `/admin/delete member.php` file to prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Ordering System version 1.0 **Description** A critical issue exists in code-projects Online Ordering System. The vulnerability is due to SQL injection in the `/admin/product.php` file. The `Name` argument is susceptible to manipulation, allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** code-projects Online Ordering System version 1.0: Sanitize the `Name` argument to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** code-projects Exam Form Submission version 1.0 **Description** A critical issue exists due to SQL injection. The manipulation of the `credits` argument in the processing of the file `/admin/update s1.php` can lead to exploitation. The attack can be initiated remotely. The exploit has been disclosed to the public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Exam Form Submission version 1.0 **Description** A critical issue exists in code-projects Exam Form Submission 1.0. The vulnerability is due to a SQL injection flaw in the `/admin/update s2.php` file. Manipulation of the `credits` argument can lead to SQL injection, allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/update s2.php` file to minimize the risk of exploitation. Avoid using the `credits` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** code-projects Exam Form Submission version 1.0 **Description** A critical issue exists in code-projects Exam Form Submission 1.0. The vulnerability is due to SQL injection, which can be triggered by manipulating the `email` argument in the `/admin/` file. This allows for remote attacks. The exploit has been publicly disclosed. **Recommendations** Sanitize the `email` parameter before using it in SQL queries. Restrict access to the `/admin/` file to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** code-projects Exam Form Submission version 1.0 **Description** A critical vulnerability exists due to a SQL injection issue. The vulnerability is located in an unknown functionality of the file `/user/dashboard.php`. Manipulation of the `phone` argument can trigger the injection. The attack can be launched remotely and the exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting or sanitizing the `phone` argument in the `/user/dashboard.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Ordering System version 1.0 **Description** A critical issue exists in code-projects Online Ordering System. The vulnerability is due to SQL injection in the `/admin/edit product.php` file. Manipulation of the `Name` argument can lead to exploitation. The attack can be initiated remotely, and the exploit has been publicly disclosed. **Recommendations** code-projects Online Ordering System version 1.0: Sanitize the `Name` argument in the `/admin/edit product.php` file to prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions:** Mobile Shop version 1.0 **Description:** A critical vulnerability exists in the file `/EditMobile.php`. The manipulation of the `ID` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public. **Recommendations:** Address the SQL injection vulnerability in the `/EditMobile.php` file by sanitizing the `ID` argument.