Divya Jain

**Name of the Vulnerable Software and Affected Versions** SITEMAKIN SLAC (Site Login and Access Control) version 1.0 **Description** An issue was discovered in the software. The parameter `my item search` in the users.php file is exploitable using SQL injection. **Recommendations** For version 1.0, avoid using the parameter `my item search` in the affected users.php file until the issue is resolved. As a temporary workaround, consider restricting access to the users.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EasyService Billing version 1.0 **Description** A CSRF issue was discovered, which can be triggered via a "quotation-new3-new2.php?add=true&id=" URI, allowing an attacker to add a new quotation. **Recommendations** For EasyService Billing version 1.0, as a temporary workaround, consider restricting access to the "quotation-new3-new2.php" endpoint until a patch is available. Avoid using the `id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** EasyService Billing version 1.0 **Description** The issue affects the `q` parameter in jobcard-ongoing.php, where a Cross-site Scripting problem has been identified. **Recommendations** For EasyService Billing version 1.0, avoid using the `q` parameter in the affected jobcard-ongoing.php file until a fix is available. As a temporary workaround, consider restricting access to jobcard-ongoing.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EasyService Billing version 1.0 **Description** A SQL Injection issue was observed in the parameter `q` in the jobcard-ongoing.php file. **Recommendations** For EasyService Billing version 1.0, avoid using the parameter `q` in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** EasyService Billing version 1.0 **Description** A CSRF issue was found on the "system-settings-user-new2.php" page, specifically the User Add/System Settings Page, allowing a user to be added with the Admin role. **Recommendations** For EasyService Billing version 1.0, consider restricting access to the "system-settings-user-new2.php" page to prevent unauthorized additions of users with the Admin role. As a temporary workaround, restrict the ability to add new users until a proper fix is implemented.

**Name of the Vulnerable Software and Affected Versions** MakeMyTrip version 7.2.4 **Description** An issue in the application allows for sensitive information disclosure due to the lack of encryption of locally stored databases. The databases contain cleartext data, which can be accessed through specific files, such as `data/com.makemytrip/databases` and `data/com.makemytrip/Cache` SQLite database files. **Recommendations** For version 7.2.4, consider encrypting the locally stored databases to prevent sensitive information disclosure. As a temporary workaround, restrict access to the `data/com.makemytrip/databases` and `data/com.makemytrip/Cache` directories to minimize the risk of exploitation.