Y2Xsec

**Name of the Vulnerable Software and Affected Versions:** Simple Car Rental System version 1.0 **Description:** A critical issue exists in Simple Car Rental System 1.0, specifically within the `/pay.php` file. Manipulation of the `mpesa` argument can lead to SQL injection. This allows for remote exploitation. The exploit details have been publicly disclosed. **Recommendations:** As a temporary workaround, consider restricting access to the `/pay.php` file until a fix is available. Sanitize the `mpesa` argument to prevent SQL injection.

Name of the Vulnerable Software and Affected Versions: Simple Car Rental System version 1.0 Description: A critical issue has been identified in the processing of the `/admin/add cars.php` file. Manipulation of the `image` argument allows for unrestricted file upload. This issue can be exploited remotely, and the exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Simple Car Rental System version 1.0 Description: A critical vulnerability exists in the Simple Car Rental System. The vulnerability affects unknown code within the `/admin/approve.php` file. Manipulation of the `ID` argument results in a SQL injection. The attack can be initiated remotely and the exploit has been publicly disclosed. Recommendations: For Simple Car Rental System version 1.0, sanitize or validate the `ID` argument in the `/admin/approve.php` file to prevent SQL injection.

Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 1.0 Description: A critical issue has been discovered in the PHPGurukul Hospital Management System, affecting an unknown functionality of the file view-medhistory.php. The manipulation of the `viewid` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For PHPGurukul Hospital Management System version 1.0, consider restricting access to the view-medhistory.php file until a patch is available. As a temporary workaround, avoid using the `viewid` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PHPGurukul Car Washing Management System version 1.0 Description: A critical issue was found in the PHPGurukul Car Washing Management System, affecting some unknown functionality of the file /admin/editcar-washpoint.php. The manipulation of the `wpid` argument leads to SQL injection. The attack may be launched remotely. Recommendations: For PHPGurukul Car Washing Management System version 1.0, consider restricting access to the /admin/editcar-washpoint.php file until a patch is available. As a temporary workaround, avoid using the `wpid` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Library Management System version 2.0 Description: A critical issue was found in the code-projects Library Management System. This issue affects the file /admin/student edit photo.php, where the manipulation of the `photo` argument leads to unrestricted upload. The attack can be initiated remotely. Recommendations: For code-projects Library Management System version 2.0, consider restricting access to the /admin/student edit photo.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `photo` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Campcodes Advanced Online Voting System version 1.0 Description: A critical issue has been discovered, affecting an unknown part of the file `/admin/candidates delete.php`. The manipulation of the `ID` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed. Recommendations: For Campcodes Advanced Online Voting System version 1.0, consider restricting access to the `/admin/candidates delete.php` file until a patch is available. As a temporary workaround, avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Campcodes Complaint Management System version 1.0 Description: A critical issue affects the processing of the file /admin/complaint-details.php, where the manipulation of the `cid` and `uid` arguments leads to SQL injection. This issue can be initiated remotely. Recommendations: For Campcodes Complaint Management System version 1.0, as a temporary workaround, consider restricting access to the /admin/complaint-details.php file and validating the `cid` and `uid` arguments to prevent SQL injection until a patch is available.

Name of the Vulnerable Software and Affected Versions: Campcodes Advanced Online Voting System version 1.0 Description: A critical vulnerability exists in Campcodes Advanced Online Voting System 1.0. The vulnerability affects unknown code within the `/admin/voters delete.php` file. Manipulation of the `ID` argument results in a SQL injection. The attack can be initiated remotely, and an exploit has been publicly disclosed and may be used. Recommendations: Campcodes Advanced Online Voting System version 1.0: Address the SQL injection vulnerability by sanitizing or validating the `ID` argument in the `/admin/voters delete.php` file.

Name of the Vulnerable Software and Affected Versions: Campcodes Advanced Online Voting System version 1.0 Description: A critical issue affects the processing of the file /admin/voters add.php, allowing unrestricted upload through the manipulation of the `photo` argument. This can be initiated remotely. Recommendations: For Campcodes Advanced Online Voting System version 1.0, consider disabling the file /admin/voters add.php or restricting access to it until a fix is available. Avoid using the `photo` argument in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Campcodes Advanced Online Voting System version 1.0 Description: A critical issue has been discovered, allowing for unrestricted file upload by manipulating the `photo` argument in an unknown function of the `/admin/candidates add.php` file. This can be exploited remotely. The exploit details have been publicly disclosed. Recommendations: For Campcodes Advanced Online Voting System version 1.0, consider restricting access to the `/admin/candidates add.php` file to prevent exploitation until a fix is available. As a temporary workaround, avoid using the `photo` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Hostel Management System version 1.0 **Description** A critical issue affects an unknown functionality of the file /empty rooms.php. The manipulation of the `search box` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For code-projects Hostel Management System version 1.0, consider restricting access to the /empty rooms.php file until a patch is available. As a temporary workaround, avoid using the `search box` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.