
Zhuque

#20423 of 53,624
12.5 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2026-35543
7.5
2026-04-27
Sourcecodester · Pharmacy Sales/Inventory System · CVE-2026-7199
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Pharmacy Sales and Inventory System version 1.0

**Description**
SQL injection can be initiated remotely via the '/ajax.php?action=delete product' endpoint. The issue occurs when the `ID` argument is manipulated, allowing for unauthorized database queries.

**Recommendations**
Update SourceCodester Pharmacy Sales and Inventory System version 1.0 to a version that addresses this issue. As a temporary workaround, restrict access to the '/ajax.php?action=delete product' endpoint or avoid using the `ID` parameter until a fix is applied.
PT-2026-35561
5.0
2026-04-27
Sourcecodester · Pharmacy Sales/Inventory System · CVE-2026-7200
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Pharmacy Sales and Inventory System version 1.0

**Description**
A cross-site scripting issue exists in the '/index.php?page=types' endpoint. A remote attacker can execute the attack by manipulating the `ID` argument. Cross-site scripting is a flaw that allows an attacker to inject malicious scripts into web pages viewed by other users.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.