Rtnthakur

**Nome do Software Vulnerável e Versões Afetadas** PHPGurukul User Registration & Login and User Management System versão 3.3 **Descrição** Existe uma vulnerabilidade de Cross-Site Scripting (XSS) Refletido no arquivo loginsystem/edit-profile.php. Isso permite que atacantes remotos executem código JavaScript arbitrário por meio dos parâmetros `fname`, `lname` e `contact`. **Recomendações** Atualize para uma versão mais recente que contenha a correção para esta vulnerabilidade.

Name of the Vulnerable Software and Affected Versions: PHPGurukul Dairy Farm Shop Management System version 1.3 Description: A SQL injection issue was discovered, allowing remote attackers to execute arbitrary SQL code. This is achieved via the `category` and `categorycode` parameters in a POST request to the "manage-categories.php" file. Recommendations: For PHPGurukul Dairy Farm Shop Management System version 1.3, consider restricting access to the "manage-categories.php" file until a patch is available, and avoid using the `category` and `categorycode` parameters in this context to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: PHPGurukul Dairy Farm Shop Management System version 1.3 Description: A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System. The vulnerability exists in the manage-companies.php file and allows remote attackers to execute arbitrary SQL code via the `companyname` parameter in a POST request to the "/manage-companies.php" endpoint. Recommendations: For PHPGurukul Dairy Farm Shop Management System version 1.3, consider disabling the `manage-companies.php` file or restricting access to it until a patch is available. Additionally, avoid using the `companyname` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.