52Pojie

**Name of the Vulnerable Software and Affected Versions** Biometric Shift Employee Management System (affected versions not specified) **Description** The issue is related to a security problem where an attacker can inject malicious code. This is possible due to the lack of proper input validation in the `holiday name` parameter when performing an `edit holiday` action in the `index.php` file. **Recommendations** As a temporary workaround, consider restricting access to the `index.php` file or the `edit holiday` action until a patch is available. Avoid using the `holiday name` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Biometric Shift Employee Management System (affected versions not specified) **Description** The issue is related to a CSRF flaw in the Biometric Shift Employee Management System. Specifically, it affects the `edit holiday` action in `index.php`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Biometric Shift Employee Management System (affected versions not specified) **Description** The issue concerns a problem where an attacker can execute malicious scripts. This is possible due to the lack of proper validation of user input in the `expense name` parameter within a specific request to 'index.php?user=expenses'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Biometric Shift Employee Management System (affected versions not specified) **Description** The issue allows for Arbitrary File Download via directory traversal sequences. This is achieved by manipulating the `form file name` parameter in a `download form` action within the `index.php` file. **Recommendations** As a temporary workaround, consider restricting access to the `download form` action in `index.php` to minimize the risk of exploitation. Avoid using the `form file name` parameter in the affected `index.php` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Biometric Shift Employee Management System (affected versions not specified) **Description** The issue concerns a problem where an attacker can execute malicious scripts. This is possible due to the lack of proper validation of user input in the `amount` parameter of a specific request to 'index.php?user=addition deduction'. **Recommendations** As a temporary workaround, consider restricting access to the 'index.php?user=addition deduction' endpoint until a patch is available. Avoid using the `amount` parameter in this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Biometric Shift Employee Management System (affected versions not specified) **Description** The issue concerns a security problem where an attacker can execute malicious scripts. This is achieved through the `criteria` parameter in a specific request to 'index.php?user=competency criteria'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Biometric Shift Employee Management System (affected versions not specified) **Description** The issue concerns a problem where an attacker can execute malicious scripts. This is possible due to the lack of proper input validation in the `Last Name` parameter of an "index.php?user=ajax" request, specifically an API endpoint "/index.php?user=ajax". **Recommendations** As a temporary workaround, consider restricting access to the `Last Name` parameter in the affected API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.