Yesec

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best Church Management Software version 1.1 **Description** A critical vulnerability has been found in the software, affecting an unknown functionality of the file /admin/app/web crud.php. The manipulation of the `encryption` argument leads to SQL injection. The attack can be launched remotely. Other parameters might be affected as well. **Recommendations** For version 1.1, consider disabling access to the /admin/app/web crud.php file until a patch is available. As a temporary workaround, restrict the manipulation of the `encryption` argument to minimize the risk of SQL injection exploitation. Avoid using the `encryption` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best Church Management Software version 1.1 **Description** A critical issue has been found in the software, affecting an unknown function of the file /admin/edit slider.php. The manipulation of the `id` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.1, consider disabling the /admin/edit slider.php file or restricting access to it until a patch is available. Avoid using the `id` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best Church Management Software version 1.1 **Description** A critical issue has been found in the software, affecting an unknown part of the file /admin/app/role crud.php. The manipulation of the `id` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.1, consider disabling access to the /admin/app/role crud.php file until a patch is available. Restrict the use of the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best Church Management Software version 1.1 **Description** A critical issue affects the processing of the file /admin/app/profile crud.php, leading to sql injection. The attack may be initiated remotely. Multiple parameters might be affected. **Recommendations** For SourceCodester Best Church Management Software version 1.1, consider restricting access to the /admin/app/profile crud.php file until a patch is available. As a temporary workaround, avoid using parameters that may be affected by the sql injection issue in the /admin/app/profile crud.php file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best Church Management Software version 1.1 **Description** A critical issue has been identified, affecting unknown code in the file /admin/app/slider crud.php. The manipulation of the `del id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Best Church Management Software version 1.1, consider restricting access to the /admin/app/slider crud.php file until a patch is available. As a temporary workaround, avoid using the `del id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Doctors Appointment System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown functionality of the file login.php. The manipulation of the `useremail` argument leads to sql injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Doctors Appointment System version 1.0, consider temporarily restricting access to the login.php file until a patch is available. As a mitigation measure, avoid using the `useremail` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Inventory Management System version 1.0 **Description** A critical issue has been found in the SourceCodester Inventory Management System, affecting the file product data.php. The manipulation of the `columns[1][data]` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Inventory Management System version 1.0, as a temporary workaround, consider restricting access to the `product data.php` file until a patch is available. Avoid using the `columns[1][data]` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Resort Reservation System version 1.0 **Description** A critical vulnerability has been found in the SourceCodester Resort Reservation System, affecting the file view fee.php. The manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Resort Reservation System version 1.0, consider restricting access to the view fee.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Inventory Management System version 1.0 **Description** A critical issue was found in the SourceCodester Inventory Management System, affecting the file catagory data.php. The manipulation of the `columns[1][data]` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Inventory Management System version 1.0, consider restricting access to the vulnerable file catagory data.php to minimize the risk of exploitation. As a temporary workaround, avoid using the `columns[1][data]` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Inventory Management System version 1.0 **Description** A critical issue affects the processing of the file ex catagory data.php, where the manipulation of the argument `columns[1][data]` leads to sql injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Inventory Management System version 1.0, consider restricting access to the file ex catagory data.php to minimize the risk of exploitation. As a temporary workaround, avoid using the argument `columns[1][data]` in the affected processing until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Free Hospital Management System for Small Practices version 1.0 **Description** A critical issue has been discovered, affecting an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the `id` argument leads to sql injection, allowing for remote attacks. The exploit has been publicly disclosed. **Recommendations** For SourceCodester Free Hospital Management System for Small Practices version 1.0, consider restricting access to the /vm/doctor/doctors.php?action=view endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the `id` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Resort Reservation System version 1.0 **Description** A critical issue was found in the manage user.php file, where the manipulation of the `id` argument leads to sql injection. This can be initiated remotely. The issue has been publicly disclosed and may be exploited. **Recommendations** For version 1.0, consider disabling the `id` argument in the manage user.php file as a temporary workaround until a patch is available. Restrict access to the manage user.php file to minimize the risk of exploitation. Avoid using the `id` argument in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Resort Reservation System version 1.0 **Description** A critical issue has been found in the software, affecting some unknown functionality of the file index.php. The manipulation of the `page` argument leads to file inclusion. The attack can be launched remotely. **Recommendations** For version 1.0, consider disabling the `page` argument in the index.php file until a patch is available to prevent file inclusion attacks. Restrict access to the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Free Hospital Management System for Small Practices version 1.0 **Description** A critical issue has been found in the SourceCodester Free Hospital Management System for Small Practices, affecting some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. **Recommendations** For version 1.0, consider restricting access to the /vm/admin/delete-doctor.php endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the `id` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Free Hospital Management System for Small Practices version 1.0 **Description** A critical vulnerability was found in the SourceCodester Free Hospital Management System for Small Practices. The issue affects an unknown functionality of the file /vm/login.php. The manipulation of the `useremail` and `userpassword` arguments leads to SQL injection. The attack can be launched remotely. **Recommendations** For version 1.0, consider disabling the login functionality in /vm/login.php until a patch is available. Restrict access to the /vm/login.php file to minimize the risk of exploitation. Avoid using the `useremail` and `userpassword` arguments in the affected file until the issue is resolved.