Zakka

**Name of the Vulnerable Software and Affected Versions** giflib version 5.2.2 **Description** A buffer overflow issue exists in giflib version 5.2.2. This flaw is due to the `EGifGCBToExtension` function overwriting an existing Graphic Control Extension block without validating its allocated size. This can lead to a denial of service. **Recommendations** Update giflib to a newer version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FantasticLBP Hotels Server versions prior to 67b44df162fab26df209bd5d5d542875fcbec1d0 **Description** A SQL injection issue exists in FantasticLBP Hotels Server. The issue is located in the `/controller/api/OrderList.php` file. Manipulation of the `telephone` argument can lead to SQL injection. The attack can be carried out remotely. The exploit is publicly available. **Recommendations** Versions prior to 67b44df162fab26df209bd5d5d542875fcbec1d0 should be updated. As a temporary workaround, restrict or disable access to the `/controller/api/OrderList.php` file. Avoid using the `telephone` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FantasticLBP Hotels Server versions up to 67b44df162fab26df209bd5d5d542875fcbec1d0 **Description** A flaw exists in FantasticLBP Hotels Server that allows for SQL injection. The issue is located in the file `/controller/api/hotelList.php` and involves manipulation of the `pickedHotelName/type` argument. This allows for remote attacks. The exploit for this issue has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Prison Management System version 2.0 **Description** A flaw exists in code-projects Prison Management System 2.0 related to the processing of the `/admin/search.php` file. Manipulation of the `keyname` argument may lead to SQL injection. This issue can be exploited remotely. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Prison Management System version 2.0 **Description** A security issue exists in code-projects Prison Management System 2.0. The vulnerability is due to the manipulation of the `keyname` argument in the file '/admin/search1.php', which can lead to SQL injection. This allows for remote exploitation. The exploit has been publicly disclosed. The vulnerable function is unknown. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.