Xu17

**Name of the Vulnerable Software and Affected Versions** Refugee Food Management System version 1.0 **Description** A SQL injection issue exists in Refugee Food Management System version 1.0. The issue is related to the processing of the file `/home/regfood.php`. Manipulation of the `a` argument can lead to SQL injection. Remote exploitation is possible. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Refugee Food Management System version 1.0 **Description** A flaw exists in Refugee Food Management System 1.0 that allows for SQL injection. Manipulation of the arguments `refNo`, `Fname`, `Lname`, `sex`, `age`, `contact`, and `nationality nid` can lead to a successful attack. This can be executed remotely. The exploit has been published. The vulnerable file is located at '/home/refugee.php' and involves an unknown function. **Recommendations** Apply any available updates or patches to address the SQL injection issue. As a temporary workaround, sanitize or validate the input for the `refNo`, `Fname`, `Lname`, `sex`, `age`, `contact`, and `nationality nid` arguments before using them in SQL queries. Restrict access to the '/home/refugee.php' file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Refugee Food Management System version 1.0 **Description** A security issue exists in Refugee Food Management System 1.0. The issue involves potential SQL injection due to manipulation of the argument `a/b/c/sex/d/e/nationality nid` within the file '/home/editrefugee.php'. This manipulation affects unknown code within the file. The attack can be launched remotely, and details of the exploit have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Refugee Food Management System version 1.0 **Description** A weakness exists in Refugee Food Management System 1.0. The issue is related to the manipulation of the argument `a/b/c/d` in the file '/home/editfood.php', which can lead to SQL injection. This manipulation can be initiated remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Real Estate Management System version 1.0 **Description** A flaw exists in CodeAstro Real Estate Management System 1.0. The issue involves a SQL injection impacting an unknown function within the `/admin/stateadd.php` file of the Administrator Endpoint component. This manipulation can be initiated remotely. The exploit is publicly available. The vulnerable parameter is not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Real Estate Management System version 1.0 **Description** A security issue exists in CodeAstro Real Estate Management System 1.0. The issue involves a potential SQL injection due to manipulation of the `ID` argument within an unknown function of the `/admin/userdelete.php` file, accessible through the Administrator Endpoint. The attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Real Estate Management System version 1.0 **Description** A flaw exists in CodeAstro Real Estate Management System that allows for sql injection. The issue is located in the Administrator Endpoint, specifically within the file `/admin/useragentdelete.php` and an unknown function. This can be triggered remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Real Estate Management System version 1.0 **Description** A security flaw exists in CodeAstro Real Estate Management System 1.0. The issue involves a SQL injection impacting an unknown function within the `/admin/userbuilderdelete.php` file of the Administrator Endpoint component. This allows for remote exploitation. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-852 version 1.00 **Description** A flaw exists in the processing of the `/gena.cgi` file on the device. Manipulating the `service` argument can lead to command injection, allowing for remote execution of commands. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A cross-site scripting issue exists in MiczFlor RPi-Jukebox-RFID. The issue is related to an unknown functionality within the `/htdocs/cardEdit.php` file. This manipulation can lead to cross-site scripting, and the attack can be launched remotely. The exploit has been publicly disclosed. Recommendations: Versions prior to 2.8.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A cross-site scripting issue exists in MiczFlor RPi-Jukebox-RFID. The issue affects an unknown part of the `/htdocs/cardRegisterNew.php` file. Remote attackers can execute manipulation, potentially leading to cross-site scripting. The exploit has been publicly disclosed. The vendor was contacted but did not respond. Recommendations: Update to a version beyond 2.8.0. Consider temporarily restricting access to the `/htdocs/cardRegisterNew.php` file.

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A cross site scripting issue exists due to manipulation of an unknown functionality within the `/htdocs/manageFilesFolders.php` file. Remote exploitation is possible. The exploit has been made public. The vendor was contacted but did not respond. Recommendations: Versions prior to 2.8.0: Address the manipulation of the unknown functionality within the `/htdocs/manageFilesFolders.php` file to prevent cross site scripting.

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A flaw has been found in MiczFlor RPi-Jukebox-RFID. The manipulation of the `Email address` argument in an unknown function of the file `/htdocs/inc.setWlanIpMail.php` causes cross site scripting. The attack may be initiated remotely. Recommendations: Versions prior to 2.8.0 should be updated. As a temporary workaround, consider restricting access to the `/htdocs/inc.setWlanIpMail.php` file until a patch is available.

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A security flaw exists in MiczFlor RPi-Jukebox-RFID up to version 2.8.0. The issue is due to os command injection in an unknown function of the file `/htdocs/api/playlist/single.php` when manipulating the `playlist` argument. This allows for remote exploitation. The exploit has been publicly released. Recommendations: Versions prior to 2.8.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A weakness exists in MiczFlor RPi-Jukebox-RFID up to version 2.8.0. This issue affects an unknown functionality within the `/htdocs/api/playlist/shuffle.php` file. Manipulation of the `playlist` argument can lead to OS command injection. The attack can be launched remotely. The exploit has been made publicly available. The vendor was notified but did not respond. Recommendations: Versions prior to 2.8.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FLIR AX8 versions up to 1.46 **Description** A critical issue affects the FLIR AX8, where the manipulation of the `File` argument in the "/upload.php" API endpoint leads to unrestricted file upload. This can be initiated remotely. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For FLIR AX8 versions up to 1.46, as a temporary workaround, consider restricting access to the "/upload.php" API endpoint to minimize the risk of exploitation. Avoid using the `File` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Projectworlds Life Insurance Management System version 1.0 **Description** A critical issue was found in the system, affecting an unknown part of the file /insertClient.php. The manipulation of the `client id` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For Projectworlds Life Insurance Management System version 1.0, as a temporary workaround, consider restricting access to the `/insertClient.php` file until a patch is available. Avoid using the `client id` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Projectworlds Life Insurance Management System version 1.0 **Description** A critical issue was found in the system, affecting some unknown functionality of the file /insertagent.php. The manipulation of the `agent id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Projectworlds Life Insurance Management System version 1.0, consider restricting access to the /insertagent.php file until a patch is available. As a temporary workaround, avoid using the `agent id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Projectworlds Life Insurance Management System version 1.0 **Description** A critical issue has been identified, affecting the /insertNominee.php file. The `client id` and `nominee id` arguments are vulnerable to SQL injection. This issue can be exploited remotely. **Recommendations** For Projectworlds Life Insurance Management System version 1.0, consider restricting access to the /insertNominee.php file until a fix is available. As a temporary workaround, avoid using the `client id` and `nominee id` arguments in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Projectworlds Life Insurance Management System version 1.0 **Description** A critical issue affects the processing of the file "/insertPayment.php". The manipulation of the argument `recipt no` leads to SQL injection. The attack may be initiated remotely. **Recommendations** For Projectworlds Life Insurance Management System version 1.0, consider restricting access to the "/insertPayment.php" file until a patch is available. As a temporary workaround, avoid using the `recipt no` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.