
Bhavesh Kushwah

#16441 of 53,633
16.3 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2023-20934
CVSS: 6.5
2023-03-14
Unknown · Online Food Ordering System · CVE-2023-27073
**Name of the Vulnerable Software and Affected Versions**
Online Food Ordering System version 1.0

**Description**
A Cross-Site Request Forgery (CSRF) issue allows attackers to change user details and credentials via a crafted POST request.

**Recommendations**
For Online Food Ordering System version 1.0, consider implementing proper CSRF token validation to prevent attackers from changing user details and credentials. As a temporary workaround, restrict access to sensitive user information until a patch is available.

PT-2023-20935
CVSS: 9.8
2023-03-14
Unknown · Bp Monitoring Management System · CVE-2023-27074
**Name of the Vulnerable Software and Affected Versions**
BP Monitoring Management System version 1.0

**Description**
The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `emailid` parameter in the login page.

**Recommendations**
For BP Monitoring Management System version 1.0, consider restricting access to the login page or disabling the `emailid` parameter until a patch is available. As a temporary workaround, avoid using the `emailid` parameter in the login page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.