Yan1451

**Nome do Software Vulnerável e Versões Afetadas** Dolibarr ERP CRM versões anteriores a 23.0.3 **Description** Uma falha no Módulo de Assinatura Online permite a verificação inadequada de assinaturas criptográficas. Este problema ocorre na função `dol verifyHash()` localizada na biblioteca `htdocs/core/lib/security.lib.php`. Um invasor remoto pode explorar essa fraqueza, embora o ataque seja considerado altamente complexo e difícil de executar. **Recommendations** Atualize para uma versão posterior a 23.0.2. Como medida paliativa temporária, restrinja o acesso à função `dol verifyHash()` na biblioteca `htdocs/core/lib/security.lib.php` para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Result Management System version 1.0 **Description** A flaw exists in the Student Result Management System that allows for improper access controls. This is due to manipulation of the `File` argument within an unknown function of the `/admin/core/import users.php` file, related to the Bulk Import component. Remote exploitation is possible, and the exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Result Management System version 1.0 **Description** A flaw exists in SourceCodester Student Result Management System 1.0 that can lead to a denial of service. The issue is related to the manipulation of the `ID` argument within the file `/admin/core/drop user.php`. The attack can be carried out remotely. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the file `/admin/core/drop user.php` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Result Management System version 1.0 **Description** A flaw exists that allows for improper access controls. The issue is located in an unknown function within the `/srms/script/admin/core/update smtp.php` file. This can be initiated remotely. The details of the issue have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 4.0 **Description** A security issue exists in PHPGurukul Hospital Management System 4.0. Manipulation of the `ID` argument in an unknown function within the `/hms/admin/manage-doctors.php` file can lead to SQL injection. This can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** Apply updates to address the issue in the affected file `/hms/admin/manage-doctors.php`. As a temporary workaround, consider restricting access to the `/hms/admin/manage-doctors.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Hospital Management System version 4.0 **Description** A flaw exists in PHPGurukul Hospital Management System version 4.0 that allows for remote SQL injection. The issue is located in the file '/admin/manage-users.php' and involves manipulation of the `ID` argument. The exploit for this issue has been publicly disclosed. **Recommendations** Apply a fix for PHPGurukul Hospital Management System version 4.0 to address the SQL injection issue in the '/admin/manage-users.php' file.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Beauty Parlour Management System version 1.1 **Description** A flaw exists in PHPGurukul Beauty Parlour Management System that allows for SQL injection. This issue is located in the `/admin/accepted-appointment.php` file. Manipulation of the `delid` argument can trigger the injection. The exploit has been publicly disclosed and may be used to launch remote attacks. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/admin/accepted-appointment.php` file. Sanitize the `delid` input parameter to prevent SQL injection.