Xiaojuzirr

**Name of the Vulnerable Software and Affected Versions** code-projects Online Shop Project version 1.0 **Description** A flaw exists in the processing of the `/login.php` file within the software. Manipulating the `Password` argument can lead to a SQL injection. This issue is remotely exploitable and details about the exploit are publicly available. **Recommendations** Apply any available updates to address the SQL injection issue in the `/login.php` file. As a temporary workaround, sanitize the `Password` argument to prevent SQL injection attacks. Restrict access to the `/login.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Shop Project version 1.0 **Description** A cross site scripting issue exists in SourceCodester Online Shop Project version 1.0. The issue is due to manipulation of the `f name` argument in the file '/shop/register.php'. This can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** Apply any available updates to address the issue in the affected file '/shop/register.php'. As a temporary workaround, sanitize the `f name` input to prevent script injection.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Shop Project version 1.0 **Description** A flaw exists in SourceCodester Online Shop Project 1.0 where manipulation of the `Search` argument in the `/action.php` file can lead to SQL injection. This issue is remotely exploitable. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/action.php` file until a fix is available. Avoid using the `Search` parameter in the affected file `/action.php` until the issue is resolved.