Chenjunjie

**Name of the Vulnerable Software and Affected Versions** Campcodes Recruitment Management System version 1.0 **Description** A security flaw has been discovered that allows for remote file inclusion. The flaw impacts the `include` function of the file `/admin/index.php`. Manipulation of the `page` argument results in the vulnerability. The exploit has been released to the public. **Recommendations** As a temporary workaround, restrict access to the `/admin/index.php` file.

Name of the Vulnerable Software and Affected Versions: Campcodes Payroll Management System version 1.0 Description: A weakness has been identified in Campcodes Payroll Management System 1.0. The manipulation of the `page` argument in the `/index.php` file’s `include` function causes a file inclusion issue. This issue is possible to be carried out remotely and the exploit has been made publicly available. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PHPGurukul User Management System version 1.0 Description: A SQL injection issue exists in PHPGurukul User Management System version 1.0. The issue is located in the `/signup.php` file, where manipulation of the `emailid` parameter can lead to SQL injection. The attack can be executed remotely. The exploit is publicly available. Recommendations: As a mitigation, sanitize the `emailid` parameter in the `/signup.php` file to prevent SQL injection.