Xuanyuesanshi

**Name of the Vulnerable Software and Affected Versions** Simple Flight Ticket Booking System version 1.0 **Description** A cross site scripting issue exists in Simple Flight Ticket Booking System 1.0. The issue is located in the `showhistory.php` file, within an unknown function. The manipulation of this function can lead to cross site scripting. The exploit for this issue has been made public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Employee Profile Management System version 1.0 **Description** A flaw exists in the Employee Profile Management System that allows for remote code execution. The issue is located in the `/view personnel.php` file. Manipulation of the `per id` argument can lead to SQL injection. The exploit has been publicly disclosed. **Recommendations** Apply any available updates to address the vulnerability in the affected version. As a temporary workaround, restrict access to the `/view personnel.php` file. Sanitize the `per id` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** code-projects Employee Profile Management System version 1.0 **Description** A security flaw exists in code-projects Employee Profile Management System 1.0. The issue involves unrestricted file upload due to the manipulation of the `per file` argument within an unknown function of the file '/profiling/add file query.php'. This allows for remote exploitation. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Employee Profile Management System version 1.0 **Description** An issue exists in the processing of the `/view personnel.php` file within the Employee Profile Management System. Manipulation of the `per address`, `dr school`, or `other school` arguments can lead to cross site scripting. The attack may be initiated remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Cafe Ordering System version 1.0 **Description** A security flaw exists in Simple Cafe Ordering System 1.0. The issue involves cross site scripting, potentially initiated remotely, through manipulation of the `product name` argument in the file '/add to cart'. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Cafe Ordering System version 1.0 **Description** A SQL injection issue exists in Simple Cafe Ordering System 1.0. The issue is related to the manipulation of the `Username` parameter within the /login.php file. This manipulation can be performed remotely. An exploit for this issue is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Human Resource Integrated System version 1.0 **Description** A problematic vulnerability exists in code-projects Human Resource Integrated System 1.0. The issue affects an unknown function within the `/insert-and-view/action.php` file. Manipulation of the argument content leads to Cross-Site Scripting (XSS). The attack can be executed remotely, and the exploit has been publicly disclosed and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Human Resource Integrated System version 1.0 **Description** A critical vulnerability exists in code-projects Human Resource Integrated System 1.0, affecting some unknown processing of the file `/insert-and-view/action.php`. Manipulation of the argument content leads to a SQL injection. The attack can be initiated remotely, and the exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intern Membership Management System version 1.0 **Description** A critical issue exists in Intern Membership Management System 1.0. The vulnerability is due to SQL injection caused by the manipulation of the `user name`/`password` argument in the `/student login.php` file. This allows for remote exploitation. The exploit for this issue has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/student login.php` file until a fix is available. Sanitize the `user name` and `password` parameters before using them in SQL queries.

**Name of the Vulnerable Software and Affected Versions** Intern Membership Management System version 1.0 **Description** A flaw exists in the Error Message Handler component of the software, specifically within the `fill details.php` file. Manipulation of the `email` argument can lead to cross-site scripting (XSS). This issue can be exploited remotely. The exploit for this issue has been publicly disclosed. **Recommendations** As a temporary workaround, consider sanitizing the `email` input to prevent the injection of malicious scripts. Restrict access to the `fill details.php` file to minimize the risk of exploitation.