Z1Pwn

**Name of the Vulnerable Software and Affected Versions** School Activity Updates with SMS Notification version 1.0 **Description** A SQL injection issue was discovered via the `id` parameter at the "/modules/announcement/index.php?view=edit&id=" endpoint. This allows for potential exploitation of the SQL database. **Recommendations** For School Activity Updates with SMS Notification version 1.0, consider restricting access to the `/modules/announcement/index.php?view=edit&id=` endpoint to minimize the risk of exploitation. Avoid using the `id` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Pet Shop We App version 1.0 **Description** The issue allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point in the Editing function of the User module. This is achieved by exploiting an arbitrary file upload vulnerability. **Recommendations** For Online Pet Shop We App version 1.0, consider disabling the Editing function in the User module or restricting the file types that can be uploaded through the picture upload point until a patch is available. Avoid using the picture upload feature in the User module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Pet Shop We App version 1.0 **Description** The issue allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point in the Editing function of the Product List module. This is due to an arbitrary file upload vulnerability. **Recommendations** For Online Pet Shop We App version 1.0, consider disabling the Editing function in the Product List module or restricting the types of files that can be uploaded through the picture upload point until a patch is available. Avoid using the picture upload feature in the Editing function of the Product List module until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Library Management System version 1.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability is present in the /librarian/edit book details.php component. Cross-site scripting (XSS) is a type of security vulnerability that allows an attacker to inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For Library Management System version 1.0, consider disabling access to the /librarian/edit book details.php component until a patch is available to prevent potential exploitation of the XSS vulnerability.