Yorklee

**Name of the Vulnerable Software and Affected Versions** Food Ordering Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. It can be exploited via the component /foms/all-orders.php?status=Cancelled%20by%20Customer. This vulnerability allows for potential SQL injection attacks. **Recommendations** For Food Ordering Management System version 1.0, as a temporary workaround, consider restricting access to the /foms/all-orders.php component until a patch is available. Avoid using the `status` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Canteen Management System Project version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the component /youthappam/add-food.php. **Recommendations** For Canteen Management System Project version 1.0, consider restricting access to the /youthappam/add-food.php component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Tours & Travels Management System version 1.0 **Description** The issue is related to an arbitrary file upload vulnerability in the /operations/travellers.php component. This allows attackers to execute arbitrary code via a crafted PHP file. **Recommendations** For Online Tours & Travels Management System version 1.0, consider disabling the file upload functionality in the /operations/travellers.php component until a patch is available. Restrict access to this component to minimize the risk of exploitation. Avoid using this component to upload files from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Diagnostic Lab Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/classes/Users.php?f=delete client" API endpoint. **Recommendations** For Online Diagnostic Lab Management System version 1.0, consider restricting access to the `/classes/Users.php?f=delete client` API endpoint to minimize the risk of exploitation. Avoid using the `id` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Diagnostic Lab Management System version 1.0 **Description** The issue is related to a lack of protection against SQL query structure exploitation. This can be exploited by a remote attacker to execute arbitrary SQL queries using the `id` parameter at the "/classes/Master.php?f=delete appointment" endpoint. **Recommendations** For Online Diagnostic Lab Management System version 1.0, consider restricting access to the "/classes/Master.php?f=delete appointment" endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected endpoint to minimize the risk of exploitation.