Yeliuyun

A security flaw has been discovered in imvks786 student management system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin login.php of the component Administrator Login Endpoint. Performing a manipulation of the argument a usr/a pwd results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

Name of the Vulnerable Software and Affected Versions Easy Blog Site version 1.0 Description A SQL injection flaw exists in the `post.php` file. A remote attacker can exploit this by manipulating the `tags` parameter. Recommendations Avoid using the parameter `tags` in the `post.php` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions itsourcecode Construction Management System version 1.0 Description A SQL injection issue exists in itsourcecode Construction Management System version 1.0. The issue is located in an unknown function within the `/borrowed equip.php` file of the Parameter Handler component. Manipulation of the `emp` argument can lead to SQL injection. The attack can be initiated remotely and has been publicly disclosed. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/borrowed equip.php` file or the Parameter Handler component.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A security flaw exists in code-projects Online Music Site 1.0. The issue involves a SQL injection impacting an unknown function within the file `/Administrator/PHP/AdminUpdateUser.php`. Manipulation of the `ID` argument allows for remote execution of the attack. The exploit has been publicly released and may be used for attacks. **Recommendations** Restrict or disable access to the file `/Administrator/PHP/AdminUpdateUser.php` as a temporary measure. Avoid using the `ID` parameter in the `/Administrator/PHP/AdminUpdateUser.php` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.