Yu_Ji

**Name of the Vulnerable Software and Affected Versions** CodeAstro Online Classroom version 1.0 **Description** A remote SQL injection flaw exists in an unknown function within the '/OnlineClassroom/facultylogin' file. This issue occurs when the `fid` argument is manipulated, allowing an attacker to execute arbitrary SQL commands. **Recommendations** As a temporary workaround, restrict access to the '/OnlineClassroom/facultylogin' file or avoid using the `fid` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Online Classroom version 1.0 **Description** A remote SQL injection exists in the file '/OnlineClassroom/addnewstudent'. The issue occurs due to the improper manipulation of the `fname` argument, allowing an attacker to execute arbitrary SQL commands. **Recommendations** As a temporary workaround, avoid using the `fname` argument in the '/OnlineClassroom/addnewstudent' file until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Online Classroom version 1.0 **Description** A SQL injection issue exists in the `/OnlineClassroom/facultydetails` file. Remote attackers can exploit this by manipulating the `deleteid` argument. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to or modification of the database. **Recommendations** Avoid using the `deleteid` argument in the `/OnlineClassroom/facultydetails` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Online Classroom version 1.0 **Description** A remote SQL injection exists in the file '/OnlineClassroom/studentdetails'. The issue occurs due to the improper handling of the `deleteid` argument, allowing an attacker to execute arbitrary SQL commands. **Recommendations** Restrict access to the '/OnlineClassroom/studentdetails' file or avoid using the `deleteid` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Online Classroom version 1.0 **Description** A SQL injection issue exists in the `/OnlineClassroom/studentlogin` file. This occurs when the `sid` argument is manipulated, allowing for remote exploitation. **Recommendations** As a temporary workaround, avoid using the `sid` parameter in the `/OnlineClassroom/studentlogin` endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Online Classroom version 1.0 **Description** A SQL injection issue exists due to manipulation of the `fname` argument in the file '/updatedetailsfromstudent.php?eno=146891650'. This can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions itsourcecode Online Enrollment System version 1.0 Description A weakness exists in itsourcecode Online Enrollment System 1.0. The issue is related to the manipulation of the `deptid` argument in the Parameter Handler component, specifically within the file '/enrollment/index.php?view=edit&id=3', leading to SQL injection. This allows for remote attacks, and an exploit has been publicly released. Recommendations Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Enrollment System version 1.0 **Description** A weakness exists in itsourcecode Online Enrollment System version 1.0 related to the processing of the `/sms/login.php` file. Manipulation of the `user email` argument can lead to SQL injection. This issue is potentially exploitable remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Enrollment System version 1.0 **Description** A security issue exists in itsourcecode Online Enrollment System. A SQL injection can be triggered through manipulation of the `txtsearch`, `deptname`, or `name` arguments in the file '/enrollment/index.php?view=add'. The attack can be performed remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Free Hotel Reservation System version 1.0 **Description** A flaw exists in itsourcecode Free Hotel Reservation System version 1.0, specifically within the file `/hotel/admin/mod reports/index.php`. A manipulation of the `Home` argument can lead to SQL injection. This attack can be performed remotely. The exploit has been published. **Recommendations** Apply any available updates or patches for itsourcecode Free Hotel Reservation System version 1.0. As a temporary workaround, restrict access to the `/hotel/admin/mod reports/index.php` file. Sanitize the `Home` argument to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A flaw exists in code-projects Online Music Site 1.0 that allows for SQL injection. The issue is located in the file `/Administrator/PHP/AdminDeleteCategory.php`. Manipulating the `ID` argument can trigger the injection. The attack can be carried out remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A flaw exists in code-projects Online Music Site 1.0 that allows for remote SQL injection. The issue is located in the file `/Administrator/PHP/AdminEditCategory.php` and involves manipulation of the `ID` argument. The exploit for this issue is publicly available. **Recommendations** Apply a fix to address the SQL injection issue in the `/Administrator/PHP/AdminEditCategory.php` file. Sanitize the `ID` argument to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A security flaw exists in code-projects Online Music Site version 1.0. The issue involves unrestricted upload functionality within the file `/Administrator/PHP/AdminAddAlbum.php`. Manipulation of the `txtimage` argument allows for remote exploitation. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Plugin version 1.0 **Description** A weakness exists in code-projects Plugin that allows for cross site scripting. This issue affects an unknown part of the file `/Administrator/PHP/AdminAddAlbum.php`. Manipulation of the `txtalbum` argument can trigger the attack remotely. The exploit has been made publicly available and could be used for attacks. **Recommendations** code-projects Plugin version 1.0: Address the manipulation of the `txtalbum` argument in the `/Administrator/PHP/AdminAddAlbum.php` file to prevent cross site scripting.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A flaw exists in code-projects Online Music Site 1.0. The issue involves the manipulation of the `ID` argument, leading to SQL injection. This can be exploited remotely through a file located at '/Administrator/PHP/AdminEditUser.php'. The exploit is publicly available. **Recommendations** Apply any available updates to address the issue in the affected file, '/Administrator/PHP/AdminEditUser.php'. As a temporary workaround, restrict access to the file '/Administrator/PHP/AdminEditUser.php' to minimize the risk of exploitation. Avoid using the `ID` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A security issue exists in code-projects Online Music Site 1.0. Manipulation of the `ID` argument in the file `/Administrator/PHP/AdminReply.php` can lead to SQL injection. This issue is remotely exploitable and the exploit has been publicly disclosed. The vulnerable component is an unknown function within the specified file. **Recommendations** Apply a fix to address the SQL injection issue in the `/Administrator/PHP/AdminReply.php` file. As a temporary workaround, restrict access to the `/Administrator/PHP/AdminReply.php` file. Avoid using the `ID` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A security flaw exists in code-projects Online Music Site 1.0. The issue involves a SQL injection impacting an unknown function within the file `/Administrator/PHP/AdminAddCategory.php`. This manipulation can be performed remotely. The exploit is publicly available and may be used for attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.