Yongjie Feng

**Name of the Vulnerable Software and Affected Versions** SourceCodester Point of Sales version 1.0 **Description** A flaw exists in SourceCodester Point of Sales 1.0 where manipulation of the `Username` argument in the file '/index.php' can lead to SQL injection. This issue can be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Point of Sales version 1.0 **Description** A SQL injection issue exists due to improper processing of the `Category` argument in the `/category.php` file. Remote attackers can exploit this to potentially compromise the system. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Point of Sales version 1.0 **Description** A security flaw exists in SourceCodester Point of Sales version 1.0. The issue involves a SQL injection affecting an unknown function within the `/delete category.php` file. Manipulation of the `ID` argument allows for remote exploitation. The exploit has been publicly released. **Recommendations** For SourceCodester Point of Sales version 1.0, restrict or disable the use of the `/delete category.php` file as a temporary mitigation. Avoid using the `ID` parameter in the affected API endpoint until the issue is resolved.