Z178

**Name of the Vulnerable Software and Affected Versions** AMTT Hotel Broadband Operation System version 1.0 **Description** A flaw exists in AMTT Hotel Broadband Operation System version 1.0 that allows for SQL injection. Manipulation of the `uid` argument in the file '/user/portal/get firstdate.php' through an unknown function can lead to exploitation. The attack can be launched remotely. An exploit has been published. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Farm Management System version 1.0 **Description** A weakness exists in SourceCodester Farm Management System 1.0. The issue involves the manipulation of the `pid` argument in an unknown function within the `/review.php` file, leading to a SQL injection condition. Remote exploitation is possible, and the exploit has been publicly released. **Recommendations** SourceCodester Farm Management System version 1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.