Yuki77

**Name of the Vulnerable Software and Affected Versions** SourceCodester Train Station Ticketing System version 1.0 **Description** A flaw exists in SourceCodester Train Station Ticketing System. The issue affects unknown code within the `/ajax.php?action=save user` file. Manipulation of the `Username` argument can lead to SQL injection. The attack can be launched remotely. An exploit has been published. **Recommendations** Apply any available updates to address the issue. As a temporary workaround, restrict or carefully validate the `Username` input to the `/ajax.php?action=save user` endpoint.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Interview Management System version 1.0 **Description** A security flaw exists in SourceCodester Interview Management System 1.0. The manipulation of the `Question` argument in the file `/editQuestion.php` can lead to cross site scripting. This attack can be launched remotely. The exploit has been released publicly. **Recommendations** Apply any available updates to address the issue in the `/editQuestion.php` file. As a temporary workaround, consider restricting or validating the `Question` parameter to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Train Station Ticketing System version 1.0 **Description** A SQL injection weakness exists in the Train Station Ticketing System. This issue is related to the manipulation of the `Username` argument within the login functionality, specifically through the file '/ajax.php?action=login'. The attack can be initiated remotely, and an exploit has been publicly released. **Recommendations** Apply any available updates to address this vulnerability. As a temporary workaround, consider restricting access to the `/ajax.php?action=login` endpoint. Sanitize the `Username` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Train Station Ticketing System version 1.0 **Description** A security issue exists in SourceCodester Train Station Ticketing System 1.0. The issue involves a SQL injection point within the application, specifically through manipulation of the file `/ajax.php?action=save ticket`. This allows for remote attacks. The exploit for this issue has been publicly disclosed. The vulnerable functionality involves the `action` parameter within the `/ajax.php` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Train Station Ticketing System version 1.0 **Description** A flaw exists in SourceCodester Train Station Ticketing System version 1.0 that allows for remote manipulation. Specifically, altering the `id`/`station` argument within the `/ajax.php?action=save station` file can lead to SQL injection. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Food Ordering System version 1.0 **Description** A flaw exists in SourceCodester Food Ordering System 1.0 that allows for SQL injection. The issue is located in the `/view-ticket.php` file, specifically through manipulation of the `ID` parameter. This allows for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** Sanitize the `ID` parameter in the `/view-ticket.php` file to prevent SQL injection attacks. As a temporary workaround, restrict access to the `/view-ticket.php` file until a proper fix can be implemented.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Food Ordering System version 1.0 **Description** A SQL injection issue exists in SourceCodester Food Ordering System 1.0. The issue is located in an unknown functionality within the `/routers/edit-orders.php` file. Manipulating the `ID` parameter can lead to SQL injection. The attack can be launched remotely, and the exploit has been publicly released. **Recommendations** SourceCodester Food Ordering System version 1.0: Address the SQL injection issue in the `/routers/edit-orders.php` file by sanitizing or validating the `ID` parameter to prevent malicious code execution.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Baby Care System version 1.0 **Description** A SQL injection issue exists in SourceCodester Baby Care System 1.0. The issue affects functionality within the `/admin.php?id=inbox` file. Manipulation of the `msgid` argument can lead to SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** Sanitize or validate the `msgid` parameter in the `/admin.php?id=inbox` file to prevent SQL injection. As a temporary workaround, restrict access to the `/admin.php?id=inbox` file.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Baby Care System version 1.0 **Description** A flaw exists in SourceCodester Baby Care System 1.0 that allows for SQL injection. This issue affects an unknown part of the file `/updatewelcome.php?id=siteoptions&action=welcome`. Manipulation of the `roleid` parameter can lead to SQL injection, and the attack can be launched remotely. The exploit is publicly available. **Recommendations** Update to a newer version of SourceCodester Baby Care System that addresses this vulnerability. As a temporary workaround, restrict access to the `/updatewelcome.php` file. Sanitize the `roleid` parameter before using it in any database queries.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Interview Management System version 1.0 **Description** A security flaw exists in SourceCodester Interview Management System version 1.0. The issue involves a SQL injection impacting the file '/addCandidate.php'. Manipulation of the `candName` parameter can lead to SQL injection, and the attack can be launched remotely. The exploit has been publicly released and may be exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.