Yihaofuweng

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Inventory System version 1.0 **Description** A security flaw exists due to the manipulation of the `editBrandName` argument in the processing of the file '/brand.php', leading to a SQL injection. The attack can be executed remotely. The exploit has been released publicly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Simple Inventory System version 1.0 **Description** A flaw exists in SourceCodester Simple Inventory System 1.0. The issue involves the manipulation of the `uemail` argument within an unknown function of the /user.php file, leading to a SQL injection condition. This allows for remote exploitation. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Event Judging System version 1.0 **Description** A vulnerability exists in the processing of the `/create account.php` file. Manipulation of the `fname` argument causes SQL injection, allowing for remote exploitation. The exploit has been publicly disclosed. Other parameters may also be affected. **Recommendations** As a temporary workaround, consider restricting access to the `/create account.php` file until a fix is available. Sanitize the `fname` parameter to prevent SQL injection. Review and sanitize all other parameters used in the `/create account.php` file to identify and address potential vulnerabilities.