Xkalami

**Name of the Vulnerable Software and Affected Versions** RainyGao DocSys versions through 2.02.36 **Description** A flaw exists in RainyGao DocSys that allows for SQL injection. The issue is located in the file `src/com/DocSystem/mapping/GroupMemberMapper.xml` within an unknown function. Manipulating the `searchWord` argument can trigger the injection. This issue is remotely exploitable and the exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Versions prior to 2.02.36 should be updated.

**Name of the Vulnerable Software and Affected Versions** RainyGao DocSys versions up to 2.02.37 **Description** A flaw exists in RainyGao DocSys that allows for SQL injection. The issue is located in an unknown function within the file `com/DocSystem/mapping/UserMapper.xml`. Manipulating the `Username` argument can lead to a successful attack, which can be initiated remotely. The exploit for this issue has been publicly disclosed, and the vendor was notified but did not respond. **Recommendations** Versions prior to 2.02.37 should be updated. As a temporary workaround, restrict or carefully validate the `Username` input to prevent malicious SQL code injection.

**Name of the Vulnerable Software and Affected Versions** RainyGao DocSys versions up to 2.02.36 **Description** A flaw exists in RainyGao DocSys that allows for SQL injection. The issue is located in an unknown function within the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Manipulating the `searchWord` argument can trigger the SQL injection. The attack can be launched remotely. An exploit for this issue has been published. The vendor was notified but did not respond. **Recommendations** Versions prior to 2.02.36 should be updated. As a temporary workaround, consider restricting or disabling the functionality related to the `searchWord` argument in the affected file src/com/DocSystem/mapping/ReposAuthMapper.xml until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Intern Membership Management System version 1.0 **Description** A SQL injection issue exists in the Intern Membership Management System. The issue is located in the file `/intern/admin/add activity.php`. Manipulation of the `Title` argument can lead to SQL injection. Remote exploitation is possible, and the exploit is publicly available. **Recommendations** Apply a fix to address the SQL injection issue in the `/intern/admin/add activity.php` file related to the `Title` argument.

**Name of the Vulnerable Software and Affected Versions** code-projects Intern Membership Management System version 1.0 **Description** A flaw exists in code-projects Intern Membership Management System version 1.0. The issue involves a SQL injection vulnerability within an unknown function of the `/intern/admin/edit admin.php` file. Manipulation of the `admin id` argument can trigger this vulnerability, allowing for remote exploitation. The exploit has been published. **Recommendations** Apply a fix to address the SQL injection vulnerability in the `/intern/admin/edit admin.php` file, specifically related to the `admin id` argument.

**Name of the Vulnerable Software and Affected Versions** code-projects Intern Membership Management System version 1.0 **Description** A security issue exists in code-projects Intern Membership Management System version 1.0. The issue involves the manipulation of the `admin id` argument within an unknown function of the file '/intern/admin/edit students.php', leading to a SQL injection. The attack can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** For code-projects Intern Membership Management System version 1.0, sanitize the `admin id` input to prevent SQL injection. As a temporary workaround, restrict access to the file '/intern/admin/edit students.php' to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intern Membership Management System version 1.0 **Description** A SQL injection issue exists in code-projects Intern Membership Management System 1.0. The issue affects an unknown function within the `/intern/admin/edit activity.php` file. Manipulating the `activity id` argument can lead to SQL injection. Remote exploitation is possible, and the exploit has been made public. **Recommendations** Versions prior to 1.0 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intern Membership Management System version 1.0 **Description** A SQL injection issue exists in code-projects Intern Membership Management System version 1.0. The issue is located in the `/intern/admin/check admin.php` file, within an unknown function. Manipulating the `Username` parameter can lead to SQL injection, and the attack can be executed remotely. The exploit has been publicly disclosed. **Recommendations** Intern Membership Management System version 1.0: Sanitize or validate the `Username` parameter to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the `/intern/admin/check admin.php` file.

**Name of the Vulnerable Software and Affected Versions** code-projects Intern Membership Management System version 1.0 **Description** A flaw exists in code-projects Intern Membership Management System 1.0 where manipulation of the `Username` argument in the file '/intern/admin/add admin.php' can lead to a SQL injection. This issue is remotely exploitable and an exploit is publicly available. **Recommendations** Versions prior to 1.0 should be updated.

**Name of the Vulnerable Software and Affected Versions** code-projects Intern Membership Management System version 1.0 **Description** A security issue exists in code-projects Intern Membership Management System 1.0. The problem involves the processing of the file '/intern/admin/delete admin.php'. Manipulation of the `admin id` argument can lead to a SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed. The vulnerable endpoint is '/intern/admin/delete admin.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A SQL injection issue exists in the /FrontEnd/Albums.php file of the software. Manipulating the `ID` argument can trigger the injection. The attack can be initiated remotely, and the exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A flaw exists in code-projects Online Music Site 1.0 that allows for SQL injection. The issue is located in the file `/Administrator/PHP/AdminViewSongs.php`. Manipulating the `ID` argument can trigger the injection. The attack can be launched remotely. The exploit has been published. **Recommendations** Apply any available updates to address the vulnerability in `/Administrator/PHP/AdminViewSongs.php`. As a temporary workaround, restrict access to the `/Administrator/PHP/AdminViewSongs.php` file. Avoid using the `ID` parameter in the `/Administrator/PHP/AdminViewSongs.php` endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A security issue exists in code-projects Online Music Site 1.0 related to SQL injection. The issue is present in the /login.php file and involves manipulation of the `username` and `password` arguments. This allows for remote exploitation and the exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** zhuimengshaonian wisdom-education versions up to 1.0.4 **Description** A flaw exists in zhuimengshaonian wisdom-education that allows for authorization bypass. This occurs through manipulation of the `subjectId` argument within an unknown function located in the file src/main/java/com/education/api/controller/student/WrongBookController.java. The attack can be initiated remotely and the exploit is publicly available. **Recommendations** Versions prior to 1.0.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** zhuimengshaonian wisdom-education versions prior to 1.0.5 **Description** A security issue exists in zhuimengshaonian wisdom-education. The `uploadFile` function within the file `src/main/java/com/education/core/controller/UploadController.java` is susceptible to unrestricted file upload. Manipulation of the `File` argument can lead to remote exploitation. The exploit has been publicly disclosed. **Recommendations** Update zhuimengshaonian wisdom-education to version 1.0.5 or later. As a temporary workaround, restrict access to the `uploadFile` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** zhuimengshaonian wisdom-education versions through 1.0.4 **Description** A security issue exists in zhuimengshaonian wisdom-education. Improper authorization can occur through manipulation of the `subjectId` argument within the `selectStudentExamInfoList` function located in the file src/main/java/com/education/api/controller/student/ExamInfoController.java. This can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** Update zhuimengshaonian wisdom-education to a version later than 1.0.4.