Yudeshui

**Name of the Vulnerable Software and Affected Versions** code-projects Currency Exchange System version 1.0 **Description** A security flaw exists in code-projects Currency Exchange System version 1.0. The issue involves a SQL injection that can be triggered by manipulating the `ID` argument in the `/editotheraccount.php` file through an unknown function. This allows for remote exploitation. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Advanced Library Management System version 1.0 **Description** A SQL injection issue exists in an unknown functionality of the `/delete book.php` file. Manipulating the `book id` argument can lead to successful exploitation. The attack can be initiated remotely and the exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Advanced Library Management System version 1.0 **Description** A flaw exists in projectworlds Advanced Library Management System that allows for SQL injection. This issue is related to an unknown functionality within the `/member search.php` file. Manipulation of the `roll number` argument can lead to a successful attack, which can be launched remotely. An exploit for this issue has been published. **Recommendations** Apply any available updates or patches to address the vulnerability in the affected file. As a temporary workaround, consider restricting or carefully validating the `roll number` argument in the `/member search.php` file to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Currency Exchange System version 1.0 **Description** A SQL injection issue exists in Currency Exchange System 1.0. The issue is located in the file '/edit.php', where manipulation of the `ID` argument can lead to SQL injection. The attack can be carried out remotely. The exploit for this issue has been publicly released. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Currency Exchange System version 1.0 **Description** A flaw exists in code-projects Currency Exchange System 1.0 where manipulation of the `ID` argument in the `/viewserial.php` file can lead to SQL injection. This issue is remotely exploitable and an exploit has been publicly disclosed. The vulnerability involves unknown processing of the file. **Recommendations** Versions prior to 1.0 should be updated. As a temporary workaround, restrict access to the `/viewserial.php` file to minimize the risk of exploitation. Avoid using the `ID` parameter in the `/viewserial.php` API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Currency Exchange System version 1.0 **Description** A SQL injection issue exists in Currency Exchange System version 1.0. Manipulation of the `ID` argument in the `/edittrns.php` file can lead to SQL injection. This attack can be performed remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Student Clearance System version 1.0 **Description** A flaw exists in the system that could allow improper authorization. This issue stems from manipulating the `ID` argument within an unknown function of the file '/Admin/delete-fee.php' of the Fee Table Handler component. The attack can be carried out remotely, and details of the exploit have been publicly disclosed. **Recommendations** Apply a fix to address the improper authorization issue in the file '/Admin/delete-fee.php'.

**Name of the Vulnerable Software and Affected Versions** projectworlds Advanced Library Management System version 1.0 **Description** A security issue exists in projectworlds Advanced Library Management System. Manipulation of the `user id` argument in the `/delete member.php` file, through an unknown function, can lead to SQL injection. This allows for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** Apply a fix to address the SQL injection issue in the `/delete member.php` file. As a temporary workaround, restrict or carefully validate the `user id` parameter used in the `/delete member.php` file.

**Name of the Vulnerable Software and Affected Versions** Code-Projects Library System version 1.0 **Description** A SQL injection issue exists due to the manipulation of the `ID` argument. This can be exploited remotely through the `/return.php` file. The issue affects an unknown function. The exploit has been publicly released. **Recommendations** As a temporary workaround, consider restricting or disabling access to the `/return.php` file until a fix is available. Avoid using the `ID` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Code-Projects Library System version 1.0 **Description** A flaw exists in Code-Projects Library System 1.0 that allows for SQL injection. The issue is located in the `/mail.php` file, specifically through manipulation of the `ID` argument. This manipulation can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Jonnys Liquor version 1.0 **Description** A security flaw exists in code-projects Jonnys Liquor 1.0, specifically within the GET Parameter Handler component. Manipulation of the `Product` argument in the `/detail.php` file can lead to a SQL injection. Remote exploitation is possible, and the exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Question Paper Generator version 1.0 **Description** A flaw exists in code-projects Question Paper Generator 1.0 related to the POST Parameter Handler component and the `/signupscript.php` file. Manipulation of the `Fname` argument can result in SQL injection. This issue is remotely exploitable, and details about the exploit are publicly available. **Recommendations** Apply any available updates or patches to address the SQL injection issue in the `/signupscript.php` file. As a temporary workaround, consider sanitizing the `Fname` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Code-Projects Library System version 1.0 **Description** A SQL injection issue exists in the Login component of the software. The issue is located in the `/index.php` file and involves manipulation of the `Username` argument. This allows for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.