Doraemon Sk8Ers

**Name of the Vulnerable Software and Affected Versions** SimpleHRM versions 2.3, 2.2, and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `username` parameter to "index.php/user/setLogin". This is a SQL injection vulnerability in the login page, specifically in the file flexycms/modules/user/user manager.php. **Recommendations** For SimpleHRM versions 2.3, 2.2, and earlier, consider disabling the login functionality until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the `username` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP Address Book version 8.2.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting SQL injection vulnerabilities via unspecified parameters to API endpoints such as "edit.php" or "import.php". **Recommendations** For PHP Address Book version 8.2.5, consider restricting access to the `edit.php` and `import.php` API endpoints until a patch is available. Avoid using unspecified parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP Address Book version 8.2.5 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `Address` field in edit.php. This can be exploited by user-assisted attacks. **Recommendations** For PHP Address Book version 8.2.5, update the software to a version that fixes this issue, ensuring that user input in the `Address` field is properly sanitized to prevent XSS attacks.