Yangqiangfeng

**Name of the Vulnerable Software and Affected Versions** CodeAstro Ingredients Stock Management System version 1.0 **Description** An issue exists in the file '/Ingredients-Stock/add stock.php' where the manipulation of the `ID` argument allows for SQL injection, a technique used to execute malicious SQL statements that can interfere with the application's database. This attack can be launched remotely. **Recommendations** Update CodeAstro Ingredients Stock Management System to a version newer than 1.0. As a temporary workaround, restrict access to the '/Ingredients-Stock/add stock.php' file or avoid using the `ID` parameter until a patch is applied.

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home employee.php. The manipulation of the argument emp id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.