Unknown · Tailoring Management System · CVE-2024-6735
Name of the Vulnerable Software and Affected Versions:
Tailoring Management System version 1.0
Description:
A critical issue has been identified in the Tailoring Management System, affecting the setgeneral.php file. This issue is related to the lack of protection against SQL query structure manipulation, which can lead to SQL injection. The manipulation of the `sitename`, `email`, `mobile`, `sms`, and `currency` arguments can initiate a remote attack, potentially allowing an attacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause a denial of service by sending specially crafted requests.
Recommendations:
For Tailoring Management System version 1.0, as a temporary workaround, consider restricting access to the setgeneral.php file and avoiding the use of the `sitename`, `email`, `mobile`, `sms`, and `currency` parameters until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
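The Description attributes the issue to request values being able to change the structure of the SQL query. The sketch below is an added example, not code from Tailoring Management System, showing a settings update that binds the five named parameters instead. It assumes PDO is available; the table `general_settings`, the row id, the function name `save_general_settings` and all validation limits are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Assumed names: table general_settings,
// row id 1, function save_general_settings(); validation limits are assumptions.
function save_general_settings(PDO $db, array $in): array
{
    $v = [];
    foreach (['sitename', 'email', 'mobile', 'sms', 'currency'] as $f) {
        // Accept only scalar strings; arrays or missing fields become ''.
        $v[$f] = (isset($in[$f]) && is_string($in[$f])) ? trim($in[$f]) : '';
    }

    $errors = [];
    if ($v['sitename'] === '' || strlen($v['sitename']) > 100) { $errors[] = 'sitename'; }
    if (filter_var($v['email'], FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'email'; }
    if (!preg_match('/^\+?[0-9]{6,15}$/D', $v['mobile'])) { $errors[] = 'mobile'; }
    if (strlen($v['sms']) > 100) { $errors[] = 'sms'; }
    if (!preg_match('/^[A-Za-z]{3}$/D', $v['currency'])) { $errors[] = 'currency'; }
    if ($errors !== []) {
        return $errors;   // nothing is written when any field fails validation
    }

    // Placeholders keep the statement text fixed; values travel separately,
    // so quotes in a value cannot change the query structure.
    $stmt = $db->prepare(
        'UPDATE general_settings
            SET sitename = :sitename, email = :email, mobile = :mobile,
                sms = :sms, currency = :currency
          WHERE id = 1'
    );
    $stmt->execute($v);
    return [];
}

// Demo on an in-memory SQLite database with constructed sample input.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE general_settings (id INTEGER PRIMARY KEY, sitename TEXT,
           email TEXT, mobile TEXT, sms TEXT, currency TEXT)');
$db->exec('INSERT INTO general_settings (id) VALUES (1)');

$errors = save_general_settings($db, [
    'sitename' => "O'Neil Tailors",          // apostrophe is stored as data
    'email'    => 'owner@example.com',
    'mobile'   => '+15550100123',
    'sms'      => 'Your order is ready',
    'currency' => 'USD',
]);
var_dump($errors, $db->query('SELECT * FROM general_settings')->fetch(PDO::FETCH_ASSOC));
```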