Zzzxby

**Name of the Vulnerable Software and Affected Versions** code-projects Nero Social Networking Site version 1.0 **Description** A critical vulnerability was found in the code-projects Nero Social Networking Site. This affects an unknown part of the file /index.php. The manipulation of the arguments `fname`, `lname`, `login`, `password2`, `cpassword`, `address`, `cnumber`, `email`, `gender`, `propic`, `month` leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the affected arguments (`fname`, `lname`, `login`, `password2`, `cpassword`, `address`, `cnumber`, `email`, `gender`, `propic`, `month`) in the /index.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Bus Reservation System version 1.0 **Description** A critical issue has been found in the system, affecting some unknown functionality of the file /print.php. The manipulation of the `ID` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For code-projects Online Bus Reservation System version 1.0, consider restricting access to the /print.php file until a patch is available. As a temporary workaround, avoid using the `ID` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Bus Reservation System version 1.0 **Description** A critical vulnerability was found in the code-projects Online Bus Reservation System. This affects an unknown part of the file /seatlocation.php. The manipulation of the `ID` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/seatlocation.php` file until a patch is available. Avoid using the `ID` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** codeprojects News Publishing Site Dashboard version 1.0 **Description** A critical issue has been identified, affecting the /api.php file. The manipulation of the `cat id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For codeprojects News Publishing Site Dashboard version 1.0, consider restricting access to the `/api.php` file until a patch is available. As a temporary workaround, avoid using the `cat id` argument in the affected API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** codeprojects News Publishing Site Dashboard version 1.0 **Description** A critical issue affects the processing of the file `/edit-category.php` of the component "Edit Category Page". The manipulation of the argument `category image` leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `category image` argument in the `/edit-category.php` file until a patch is available. Restrict access to the "Edit Category Page" component to minimize the risk of exploitation. Avoid using the `category image` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.