Dililearngent

**Name of the Vulnerable Software and Affected Versions** Rail Pass Management System version 1.0 **Description** A sql injection issue allows a remote attacker to execute arbitrary code via the `viewid` parameter of the "view-enquiry.php" file. **Recommendations** For Rail Pass Management System version 1.0, avoid using the `viewid` parameter in the "view-enquiry.php" file until the issue is resolved. Consider restricting access to the "view-enquiry.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Rail Pass Management System version 1.0 **Description** A sql injection issue allows a remote attacker to execute arbitrary code via the `editid` parameter of the "edit-pass-detail.php" file. This enables the attacker to potentially manipulate database queries, leading to unauthorized access or data modification. **Recommendations** For Rail Pass Management System version 1.0, consider restricting access to the "edit-pass-detail.php" file or disabling the use of the `editid` parameter until a patch is available. Additionally, ensure proper input validation and sanitization to prevent sql injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rail Pass Management System version 1.0 **Description** A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via the `adminname` parameter of "admin-profile.php". **Recommendations** For Rail Pass Management System version 1.0, update the software to a version that fixes this issue, or as a temporary workaround, consider restricting access to the "admin-profile.php" endpoint to minimize the risk of exploitation. Avoid using the `adminname` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Rail Pass Management System version 1.0 **Description** A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via the `emial` parameter of "admin-profile.php". **Recommendations** For Rail Pass Management System version 1.0, avoid using the `emial` parameter in the "admin-profile.php" endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Rail Pass Management System version 1.0 **Description** A sql injection issue allows a remote attacker to execute arbitrary code via the `viewid` parameter of the "view-pass-detail.php" file. This enables the attacker to potentially access or modify sensitive data. **Recommendations** For Rail Pass Management System version 1.0, consider restricting access to the "view-pass-detail.php" file until a patch is available. As a temporary workaround, avoid using the `viewid` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Rail Pass Management System version 1.0 **Description** A sql injection issue allows a remote attacker to execute arbitrary code via the `editid` parameter of the "edit-cateogry-detail.php" file. **Recommendations** For Rail Pass Management System version 1.0, avoid using the `editid` parameter in the affected "edit-cateogry-detail.php" file until the issue is resolved. As a temporary workaround, consider restricting access to the "edit-cateogry-detail.php" file to minimize the risk of exploitation.