Hackerfactory

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 1.0 **Description** A security flaw exists in PHPGurukul Hospital Management System 1.0, specifically within the Admin Dashboard Page component, related to improper authorization. The issue is located in the file `/hms/hospital/docappsystem/adminviews.py`. Manipulation of some unknown functionality allows for remote exploitation. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul News Portal version 1.0 **Description** A flaw exists in the Profile Pic Handler component that allows for unrestricted file uploads. This issue can be triggered remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Staff Leave Management System version 1.0 **Description** A flaw exists in PHPGurukul Staff Leave Management System 1.0 related to cross-site scripting. The issue is located in the `ADD STAFF/UPDATE STAFF` function within the `/staffleave/slms/slms/adminviews.py` file, specifically within the SVG File Handler component. Manipulation of the `profile pic` argument can trigger the issue. The attack can be executed remotely, and an exploit has been published. **Recommendations** PHPGurukul Staff Leave Management System version 1.0: As a temporary workaround, consider restricting access to the `ADD STAFF/UPDATE STAFF` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Course Registration versions up to 3.1 **Description** A flaw exists in PHPGurukul Online Course Registration that allows for unrestricted file uploads. This issue is related to the processing of the `/admin/edit-student-profile.php` file within the Student Registration Page component. Specifically, manipulating the `photo` argument enables the upload of arbitrary files. The attack can be initiated remotely, and details of an exploit have been publicly disclosed. **Recommendations** Versions prior to 3.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Course Registration versions up to 3.1 **Description** A flaw exists in PHPGurukul Online Course Registration that results in missing authorization. This issue affects an unknown function and allows for remote exploitation. The exploit has been published. **Recommendations** Versions prior to 3.2 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** PHPGurukul Small CRM versão 4.0 **Descrição** Existe uma falha de segurança no PHPGurukul Small CRM 4.0, que impacta uma função desconhecida dentro do arquivo `/admin/edit-user.php`. Isso permite a ausência de autorização, possibilitando ataques remotos. O exploit para este problema foi divulgado publicamente. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.