Zhonglouguairen

**Name of the Vulnerable Software and Affected Versions** code-projects Online Event Judging System version 1.0 **Description** A flaw exists in code-projects Online Event Judging System 1.0 that allows for SQL injection. The issue is located in the `/edit criteria.php` file, specifically through manipulation of the `crit id` argument. This can be exploited remotely. The details of the exploit have been publicly disclosed. **Recommendations** Apply any available updates or patches for code-projects Online Event Judging System version 1.0. As a temporary workaround, restrict access to the `/edit criteria.php` file. Sanitize the `crit id` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Event Judging System version 1.0 **Description** A flaw exists in code-projects Online Event Judging System 1.0 that allows for remote SQL injection. The issue is located in the file `/edit judge.php` within an unknown function. Manipulating the `judge id` argument can trigger the injection. The exploit is publicly available. **Recommendations** Apply any available updates to address the SQL injection issue in the `/edit judge.php` file. As a temporary workaround, restrict access to the `/edit judge.php` file. Sanitize the `judge id` argument to prevent SQL injection attacks.