Yash Mehta

**Name of the Vulnerable Software and Affected Versions** AuroMeera Technometrix Pvt. Ltd. eMLi versions 1.0 **Description** The issue allows an attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the "page" parameter to "code/student portal/home.php". **Recommendations** For version 1.0, consider restricting access to the "code/student portal/home.php" endpoint to minimize the risk of exploitation. Avoid using the `page` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** eMLi School Management version 1.0 eMLi College Campus Management version 1.0 eMLi University Management version 1.0 **Description** The issue allows an attacker to view restricted information or execute powerful commands on the web server, potentially leading to a full system compromise via Directory Path Traversal. This can be demonstrated by reading core-emli/Storage. **Recommendations** For eMLi School Management version 1.0, restrict access to sensitive directories to minimize the risk of exploitation. For eMLi College Campus Management version 1.0, consider implementing proper input validation and sanitization to prevent Directory Path Traversal attacks. For eMLi University Management version 1.0, limit the execution of powerful commands on the web server to authorized personnel only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.