Xu Mingming

**Name of the Vulnerable Software and Affected Versions** SourceCodester Medicine Tracker System version 1.0 **Description** A vulnerability was found in the Password Change Handler component of the SourceCodester Medicine Tracker System, affecting the file /classes/Users.php?f=save user. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. **Recommendations** For SourceCodester Medicine Tracker System version 1.0, consider disabling the Password Change Handler component until a patch is available. Restrict access to the /classes/Users.php?f=save user file to minimize the risk of exploitation. Avoid using the affected component for password changes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Insurance Management System version 1.0 **Description** A problematic issue has been found in the Edit Insurance Policy Page component, specifically affecting the /Script/admin/core/update policy file. The manipulation of the `pname` argument leads to cross-site scripting. This issue can be initiated remotely. **Recommendations** For SourceCodester Insurance Management System version 1.0, as a temporary workaround, consider restricting access to the /Script/admin/core/update policy file or disabling the manipulation of the `pname` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Insurance Management System version 1.0 **Description** A vulnerability was found in the system, affecting an unknown functionality of the file /E-Insurance/. The manipulation leads to a direct request. The attack can be launched remotely. **Recommendations** For SourceCodester Insurance Management System version 1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Clinics Patient Management System version 1.0 **Description** A critical issue has been discovered, affecting the /print patients visits.php file. The `from/to` argument is vulnerable to SQL injection, which can be exploited remotely. **Recommendations** For SourceCodester Clinics Patient Management System version 1.0, consider restricting access to the /print patients visits.php file until a patch is available. As a temporary workaround, avoid using the `from/to` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Clinics Patient Management System version 1.0 **Description** A critical issue affects the processing of the file /ajax/get patient history.php, where the manipulation of the `patient id` argument leads to sql injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Clinics Patient Management System version 1.0, consider restricting access to the /ajax/get patient history.php file until a patch is available. As a temporary workaround, avoid using the `patient id` argument in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Online Book Store System version 1.0 **Description** A critical issue was found in the system, affecting an unknown part of the file admin delete.php. The manipulation of the `bookisbn` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For SourceCodester Simple Online Book Store System version 1.0, as a temporary workaround, consider restricting access to the `admin delete.php` file or validating and sanitizing the `bookisbn` argument to prevent SQL injection until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Inventory Management System version 1.0 **Description** A critical issue was found in the Order Handler component of the affected software, specifically in an unknown function of the file action.php. The manipulation of the `order id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Simple Inventory Management System version 1.0, consider restricting access to the vulnerable function in action.php to minimize the risk of exploitation. As a temporary workaround, avoid using the `order id` argument in the affected component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 **Description** A vulnerability has been found in the system, classified as problematic. The issue affects the `save users` function of the `Users.php` file, leading to cross-site request forgery. The attack can be launched remotely. **Recommendations** For SourceCodester Employee and Visitor Gate Pass Logging System version 1.0, consider disabling the `save users` function of the `Users.php` file as a temporary workaround until a patch is available. Restrict access to the `Users.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 **Description** A vulnerability was found in the function `save designation` of the file `/classes/Master.php`, which leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the `save designation` function of the `/classes/Master.php` file until a patch is available. Restrict access to the `/classes/Master.php` file to minimize the risk of exploitation. Avoid using the `save designation` function in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 Description: A critical issue was found in the log employee function of the /classes/Master.php file, where the manipulation of the `employee code` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For version 1.0, consider disabling the `log employee` function until a patch is available to prevent SQL injection attacks. Restrict access to the /classes/Master.php file to minimize the risk of exploitation. Avoid using the `employee code` argument in the affected function until the issue is resolved.