Zhang Qi

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Basic Library System version 1.0 **Description** An issue exists where the application is susceptible to SQL Injection, a technique that allows an attacker to interfere with the queries that an application makes to its database. This occurs in the endpoint '/librarysystem/load book.php'. **Recommendations** As a temporary workaround, restrict access to the endpoint '/librarysystem/load book.php' to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Basic Library System version 1.0 **Description** An issue exists where the application is susceptible to SQL Injection, a technique that allows an attacker to interfere with the queries that an application makes to its database. This occurs at the endpoint '/librarysystem/load student.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Student Alumni System version 1.0 **Description** The Simple Student Alumni System is susceptible to SQL Injection. This issue affects the `/TracerStudy/recordteacher view.php` script when handling the `teacherID` parameter. Exploitation may allow an attacker to manipulate database queries, potentially leading to unauthorized access, data modification, or system compromise. **Recommendations** Apply appropriate input validation and sanitization techniques to the `teacherID` parameter in the `/TracerStudy/recordteacher view.php` script. Consider using parameterized queries or prepared statements to prevent SQL Injection attacks.

**Name of the Vulnerable Software and Affected Versions** code-projects Simple Student Alumni System version 1.0 **Description** The software contains a SQL Injection flaw in the `/TracerStudy/recordteacher edit.php` file. The vulnerability exists due to insufficient sanitization of user-supplied input. The vulnerable parameter is not specified. The `recordteacher edit.php` file is susceptible to exploitation via crafted input. **Recommendations** Apply input validation and parameterized queries to the `/TracerStudy/recordteacher edit.php` file to prevent SQL Injection.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Personnel Property Equipment System version 1.0 **Description** The software is susceptible to SQL Injection through the `/ppes/admin/edit tecnical user.php` endpoint. The vulnerability allows for potential unauthorized access or modification of data. The vulnerable parameter is not specified. **Recommendations** Apply appropriate input validation and sanitization techniques to the `/ppes/admin/edit tecnical user.php` endpoint to prevent SQL Injection attacks.

**Name of the Vulnerable Software and Affected Versions** sourcecodester Personnel Property Equipment System version 1.0 **Description** The software is susceptible to SQL Injection in the '/ppes/admin/edit employee.php' endpoint. The vulnerability exists due to insufficient input validation when processing data submitted to this endpoint. The vulnerable parameter is not explicitly identified. **Recommendations** Apply appropriate input validation and sanitization techniques to all data submitted to the '/ppes/admin/edit employee.php' endpoint.