Ahmed8199

Name of the Vulnerable Software and Affected Versions: PMWeb version 7.2.0 Description: A problem has been detected in the Setting Handler component, leading to weak password requirements. The attack can be initiated remotely and has a high complexity, making exploitation difficult. The exploit has been made public and can be used. It is recommended to change the configuration settings to mitigate the issue. The vendor was contacted about this disclosure but did not respond. Recommendations: To resolve the issue in PMWeb version 7.2.0, change the configuration settings to enforce stronger password requirements. As a temporary workaround, consider restricting access to the Setting Handler component until a more permanent solution is available.

**Name of the Vulnerable Software and Affected Versions** PMWeb version 7.2.00 **Description** A vulnerability has been found in the Web Application Firewall component, which can be exploited to lead to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For PMWeb version 7.2.00, as a temporary workaround, consider disabling the Web Application Firewall component until a patch is available. Restrict access to the web application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smart Office versions up to 20240405 **Description** A vulnerability was found in the file Main.aspx, where the manipulation of the `New Password/Confirm Password` argument with the input `1` leads to weak password requirements. The attack can be launched remotely, with a rather high complexity and difficult exploitability. The exploit has been disclosed to the public and may be used. **Recommendations** For versions up to 20240405, consider temporarily restricting the use of the `New Password/Confirm Password` argument until a patch is available. As a mitigation measure, ensure strong password requirements are enforced to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Job Portal version 1.0 **Description** A vulnerability was found in the SourceCodester Online Job Portal, affecting some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the `Address` argument leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the functionality related to the /Employer/EditProfile.php file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the `Address` argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Job Portal version 1.0 **Description** A problematic vulnerability was found in the Manage Walkin Page component, specifically in the file /Employer/ManageWalkin.php. The issue arises from the manipulation of the `Job Title` argument, leading to cross-site scripting. This can be initiated remotely. **Recommendations** For SourceCodester Online Job Portal version 1.0, consider restricting access to the /Employer/ManageWalkin.php file until a patch is available. As a temporary workaround, avoid using the `Job Title` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Job Portal version 1.0 **Description** A vulnerability has been found in the Manage Job Page component, specifically in the file /Employer/ManageJob.php. The manipulation of the `Qualification/Description` argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the `Qualification/Description` argument in the /Employer/ManageJob.php file until a patch is available. Restrict access to the Manage Job Page component to minimize the risk of exploitation. Avoid using the `Qualification/Description` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A vulnerability was found in the processing of the file signup teacher.php, where the manipulation of the argument `Password` leads to weak password requirements. The attack may be initiated remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Engineers Online Portal version 1.0, consider implementing stronger password requirements to mitigate the risk of exploitation. As a temporary workaround, restrict the use of the `Password` argument in the signup teacher.php file until a more secure solution is implemented.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A vulnerability was found in the File Upload Handler component, which can lead to resource consumption. The manipulation can be launched remotely. The issue has been disclosed to the public. **Recommendations** For version 1.0, consider disabling the File Upload Handler component until a patch is available to prevent potential resource consumption attacks. Restrict access to the component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A vulnerability was found in the software, affecting an unknown functionality. The manipulation leads to a sensitive cookie without a secure attribute. The attack can be launched remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider updating to a newer version that addresses the issue of sensitive cookies without secure attributes, as a temporary workaround, restrict access to sensitive cookies to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A problem was found in the software, affecting some unknown functionality, which can lead to session expiration when manipulated. The issue can be exploited remotely, but the complexity of an attack is rather high, making exploitation difficult. **Recommendations** For SourceCodester Engineers Online Portal version 1.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A problematic issue has been discovered, affecting an unknown part of the system. This issue leads to session fixation and can be initiated remotely. The complexity of an attack is rather high, and the exploitability is difficult. **Recommendations** For SourceCodester Engineers Online Portal version 1.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Online Job Portal version 1.0 **Description** A problematic issue was found in the Create News Page component, specifically in the /Admin/News.php file. The manipulation of the `News` argument with malicious input, such as `</title><scRipt>alert(0x00C57D)</scRipt>`, leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For Online Job Portal version 1.0, as a temporary workaround, consider restricting access to the /Admin/News.php file and the Create News Page component to minimize the risk of exploitation. Avoid using the `News` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A problematic vulnerability was found in the Password Change component of the SourceCodester Engineers Online Portal. The issue affects an unknown function of the file change password teacher.php and leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider restricting access to the change password teacher.php file until a patch is available. As a temporary workaround, avoid using the Password Change component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RRJ Nueva Ecija Engineer Online Portal version 1.0 **Description** A vulnerability was found in the RRJ Nueva Ecija Engineer Online Portal, affecting some unknown processing of the file add quiz.php of the component Quiz Handler. The manipulation of the argument `Quiz Title/Quiz Description` with the input `</title><scRipt>alert(x)</scRipt>` leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `add quiz.php` file or restricting access to the Quiz Handler component until a patch is available. Avoid using the `Quiz Title/Quiz Description` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RRJ Nueva Ecija Engineer Online Portal version 1.0 **Description** A vulnerability was found in the RRJ Nueva Ecija Engineer Online Portal, affecting an unknown part of the file `change password teacher.php`. This issue leads to weak password requirements. The attack can be initiated remotely, with a rather high complexity and difficult exploitability. The exploit has been disclosed to the public. **Recommendations** For RRJ Nueva Ecija Engineer Online Portal version 1.0, consider implementing stronger password requirements to mitigate the risk of exploitation. As a temporary workaround, restrict access to the `change password teacher.php` file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RRJ Nueva Ecija Engineer Online Portal version 1.0 **Description** A vulnerability has been found in the RRJ Nueva Ecija Engineer Online Portal, affecting the file teacher message.php of the component Create Message Handler. The manipulation of the argument `Content` with the input `</title><scRipt>alert(x)</scRipt>` leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For RRJ Nueva Ecija Engineer Online Portal version 1.0, as a temporary workaround, consider disabling the `Create Message Handler` component until a patch is available. Restrict access to the `teacher message.php` file to minimize the risk of exploitation. Avoid using the `Content` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RRJ Nueva Ecija Engineer Online Portal version 1.0 **Description** A vulnerability was found in the RRJ Nueva Ecija Engineer Online Portal, which has been classified as problematic. The issue affects an unknown function of the file /admin/uploads/. This manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. **Recommendations** For RRJ Nueva Ecija Engineer Online Portal version 1.0, consider restricting access to the /admin/uploads/ directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RRJ Nueva Ecija Engineer Online Portal version 1.0 **Description** A critical vulnerability was found in the RRJ Nueva Ecija Engineer Online Portal, affecting an unknown functionality of the file downloadable.php of the component Add Downloadable. This vulnerability leads to unrestricted upload and can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For RRJ Nueva Ecija Engineer Online Portal version 1.0, consider disabling the downloadable.php file or restricting access to the Add Downloadable component until a patch is available. As a temporary workaround, restrict the upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RRJ Nueva Ecija Engineer Online Portal version 1.0 **Description** A vulnerability was found in the RRJ Nueva Ecija Engineer Online Portal, affecting unknown code of the file /admin/edit teacher.php of the component Add Enginer. The manipulation of the argument `Firstname/Lastname` leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `Add Enginer` component until a patch is available. Restrict access to the `/admin/edit teacher.php` file to minimize the risk of exploitation. Avoid using the `Firstname/Lastname` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RRJ Nueva Ecija Engineer Online Portal version 1.0 **Description** A vulnerability was found in the RRJ Nueva Ecija Engineer Online Portal, affecting an unknown part of the file `/admin/students.php` of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For RRJ Nueva Ecija Engineer Online Portal version 1.0, as a temporary workaround, consider restricting access to the `/admin/students.php` file until a patch is available. Avoid using this file in a way that could lead to cross site scripting until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.