Zulu

**Name of the Vulnerable Software and Affected Versions** itsourcecode Electronic Judging System version 1.0 **Description** A SQL injection issue exists in the `/admin/delete judge.php` endpoint. Remote attackers can exploit this by manipulating the `judge id` argument. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to or modification of the database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/admin/delete judge.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pharmacy Sales and Inventory System version 1.0 **Description** A cross-site scripting issue exists in the '/index.php?page=product' file. A remote attacker can trigger this by manipulating the `ID` argument. Cross-site scripting is a flaw that allows attackers to inject malicious scripts into web pages viewed by other users. **Recommendations** As a temporary workaround, avoid using the `ID` parameter in the '/index.php?page=product' endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions code-projects Simple IT Discussion Forum version 1.0 Description A security issue exists in code-projects Simple IT Discussion Forum 1.0 related to the processing of the `/admin/user.php` file. Manipulation of the `fname` argument can lead to cross site scripting. The attack can be performed remotely and the exploit has been publicly disclosed. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Simple IT Discussion Forum version 1.0 Description A SQL injection flaw exists in the /delete-category.php file of Simple IT Discussion Forum version 1.0. Manipulation of the `cat id` argument can trigger the injection. The attack can be initiated remotely. The exploit is publicly available. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /delete-category.php file.