Angelkate

**Name of the Vulnerable Software and Affected Versions** Chamilo LMS versions up to 2.0.0 Beta 1 **Description** A security flaw exists in Chamilo LMS that allows for remote unauthorized access due to improper authorization. The issue is located within the `deleteLegal` function of the Legal Consent Handler component, specifically in the file src/CoreBundle/Controller/SocialController.php. Manipulation of the `userId` argument can lead to unauthorized actions. The exploit for this issue has been publicly released. **Recommendations** Versions prior to 2.0.0 Beta 1 should be used. As a temporary workaround, consider restricting access to the `deleteLegal()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Course Registration System versions up to 3.1 **Description** A flaw exists in PHPGurukul Online Course Registration System that allows for SQL injection. The issue is located in the `/enroll.php` file. Manipulating the `studentregno`, `Pincode`, `session`, `department`, `level`, `course`, or `sem` arguments can trigger the injection. This attack can be carried out remotely. The exploit for this issue has been publicly released. **Recommendations** Versions prior to 3.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Course Registration System versions prior to 3.1 **Description** A flaw exists in PHPGurukul Online Course Registration System that allows for SQL injection. The issue is located in the file '/onlinecourse/admin/manage-students.php' and involves manipulation of the `id` or `cid` argument. This manipulation can lead to SQL injection, and the attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** Versions prior to 3.1 should be updated.