4Xpl0R3R

Name of the Vulnerable Software and Affected Versions: Node.js (affected versions not specified) Description: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors; however, operations such as `fs.fchown` or `fs.fchmod` can use a "read-only" file descriptor to change the owner and permissions of a file. This issue is related to shortcomings in access control. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rust (affected versions not specified) **Description** The issue is related to the std::process::Command component of the Rust programming language on Windows operating systems. It involves the injection or modification of arguments, potentially allowing an attacker to execute arbitrary code by calling user batch files with .bat and .cmd extensions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** follow-redirects versions prior to 1.15.6 **Description** The issue is related to insufficient protection of sensitive data in the follow-redirects module, which is a drop-in replacement for Node's `http` and `https` modules. This module automatically follows redirects but only clears the authorization header during cross-domain redirects, keeping the proxy-authentication header that contains credentials. This may lead to credentials leak. There are no known workarounds for this issue. **Recommendations** For versions prior to 1.15.6, upgrade to version 1.15.6 to address the issue. As a temporary workaround, consider removing the proxy-authentication header during cross-domain redirects.

**Name of the Vulnerable Software and Affected Versions** Student Information Chatbot version a0196ab **Description** The issue allows SQL injection via the `username` to the `login` function in `index.php`. This can potentially lead to unauthorized access to sensitive data. **Recommendations** For version a0196ab, consider disabling the `login` function in `index.php` until a patch is available to prevent SQL injection via the `username`. Restrict access to the `index.php` file to minimize the risk of exploitation. Avoid using the `username` variable in the affected login function until the issue is resolved.