Xiaozilong

**Name of the Vulnerable Software and Affected Versions** Campcodes Complete Web-Based School Management System version 1.0 **Description** A critical issue affects the processing of the file /view/teacher salary history1.php, where the manipulation of the `index` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For Campcodes Complete Web-Based School Management System version 1.0, as a temporary workaround, consider restricting access to the /view/teacher salary history1.php file until a patch is available. Avoid using the `index` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A critical issue has been discovered, affecting an unknown part of the file edit faculty.php. The manipulation of the `id` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For Kashipara College Management System version 1.0, as a temporary workaround, consider restricting access to the `edit faculty.php` file until a patch is available. Avoid using the `id` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A critical issue has been found in the processing of the file delete user.php, where the manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Kashipara College Management System version 1.0, consider restricting access to the delete user.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A critical issue was found in the system, affecting an unknown function of the file delete faculty.php. The manipulation of the `id` argument leads to SQL injection. It is possible to launch the attack remotely. **Recommendations** For Kashipara College Management System version 1.0, as a temporary workaround, consider restricting access to the delete faculty.php file until a patch is available. Avoid using the `id` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A critical issue has been found in the Kashipara College Management System, affecting some unknown functionality of the file edit user.php. The manipulation of the `id` argument leads to sql injection. The attack can be launched remotely. **Recommendations** For Kashipara College Management System version 1.0, consider disabling the `id` argument in the edit user.php file as a temporary workaround until a patch is available. Restrict access to the edit user.php file to minimize the risk of exploitation. Avoid using the `id` argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A critical issue has been found, affecting an unknown function of the file submit extracurricular activity.php. The manipulation of the `activity datetime` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Kashipara College Management System version 1.0, as a temporary workaround, consider restricting access to the submit extracurricular activity.php file until a patch is available. Avoid using the `activity datetime` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Campcodes House Rental Management System version 1.0 **Description** A critical issue was found in the system, affecting the processing of the file view payment.php. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Campcodes House Rental Management System version 1.0, consider restricting access to the view payment.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Campcodes Church Management System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown functionality of the file /admin/addgiving.php. The manipulation of the `amount` argument leads to sql injection. This issue can be exploited remotely. **Recommendations** For Campcodes Church Management System version 1.0, consider restricting access to the /admin/addgiving.php file until a patch is available. As a temporary workaround, avoid using the `amount` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Campcodes Church Management System version 1.0 **Description** A critical issue has been found in the system, affecting some unknown functionality of the file /admin/add sundaysch.php. The manipulation of the `Gender` argument leads to sql injection. The attack can be launched remotely. **Recommendations** For Campcodes Church Management System version 1.0, as a temporary workaround, consider restricting access to the /admin/add sundaysch.php file until a patch is available. Avoid using the `Gender` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Event Management System version 1.0 **Description** A critical vulnerability was found in the system, affecting unknown code in the file /views/index.php. The manipulation of the `ID` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For version 1.0, consider restricting access to the `/views/index.php` file until a patch is available. As a temporary workaround, avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Art Gallery Management System version 1.0 **Description** A critical vulnerability has been found in the system, affecting an unknown part of the file /admin/adminHome.php. The manipulation of the `uname` argument leads to sql injection, and it is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Campcodes Online Art Gallery Management System version 1.0, consider restricting access to the `/admin/adminHome.php` file until a patch is available. As a temporary workaround, avoid using the `uname` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Examination System version 1.0 **Description** A critical issue has been identified, affecting the file `/adminpanel/admin/query/deleteExamExe.php`. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Campcodes Online Examination System version 1.0, consider restricting access to the `/adminpanel/admin/query/deleteExamExe.php` file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Campcodes House Rental Management System version 1.0 Description: The issue is related to a lack of protection against SQL query structure exploitation in the Campcodes House Rental Management System. This allows a remote attacker to execute arbitrary SQL queries. The manipulation of the `username` argument in the file `ajax.php` leads to SQL injection. The exploit has been disclosed to the public and may be used. The attack can be launched remotely. Recommendations: For Campcodes House Rental Management System version 1.0, consider disabling the `ajax.php` file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `username` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes House Rental Management System version 1.0 **Description** A critical issue was found in the system, affecting an unknown functionality of the file index.php. The manipulation of the `page` argument leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Campcodes House Rental Management System version 1.0, consider disabling the `page` argument in the index.php file until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A problematic issue was found in DedeCMS, affecting an unknown part of the file /src/dede/vote edit.php. The manipulation of the `aid` argument leads to cross-site request forgery. It is possible to initiate the attack remotely. The issue has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For DedeCMS version 5.7, as a temporary workaround, consider restricting access to the /src/dede/vote edit.php file until a patch is available. Avoid using the `aid` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Marriage Registration System version 1.0 **Description** A critical vulnerability was found in the Campcodes Online Marriage Registration System. This issue affects unknown code in the file /user/search.php. The manipulation of the `searchdata` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Campcodes Online Marriage Registration System version 1.0, consider disabling the `/user/search.php` file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `searchdata` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Complete Online Beauty Parlor Management System version 1.0 **Description** A critical issue has been identified, affecting the /admin/index.php file. The manipulation of the `username` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Campcodes Complete Online Beauty Parlor Management System version 1.0, consider disabling the `username` argument in the /admin/index.php file as a temporary workaround until a patch is available. Restrict access to the /admin/index.php file to minimize the risk of exploitation. Avoid using the `username` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Job Finder System version 1.0 **Description** A critical issue was found in the system, affecting some unknown functionality of the file /admin/applicants/controller.php. The manipulation of the `JOBREGID` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For Campcodes Online Job Finder System version 1.0, as a temporary workaround, consider restricting access to the `/admin/applicants/controller.php` file until a patch is available. Additionally, avoid using the `JOBREGID` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kashipara Dynamic Lab Management System versions up to 1.0 **Description** A critical issue was found in the system, affecting an unknown part of the file /admin/admin login process.php. The manipulation of the `admin password` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For versions up to 1.0, as a temporary workaround, consider restricting access to the `/admin/admin login process.php` file until a patch is available. Avoid using the `admin password` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kashipara Food Management System versions up to 1.0 **Description** A critical issue has been found in the Kashipara Food Management System, where the manipulation of the `item name` argument leads to SQL injection. This can be exploited remotely. The issue affects an unknown function of the file addwaste entry.php. **Recommendations** For Kashipara Food Management System versions up to 1.0, consider disabling the affected function in the addwaste entry.php file until a patch is available. Restrict access to the `item name` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.