Ciph0X01

**Name of the Vulnerable Software and Affected Versions** Simple Exam Reviewer Management System version 1.0 **Description** The issue concerns improper access control in the User List function, allowing low-privileged users to modify user permissions to higher privileges. **Recommendations** For Simple Exam Reviewer Management System version 1.0, consider restricting access to the User List function to prevent low-privileged users from modifying user permissions until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Simple Exam Reviewer Management System version 1.0 **Description** The issue concerns an insecure file upload in the User List function. **Recommendations** For Simple Exam Reviewer Management System version 1.0, consider restricting file uploads to only necessary and validated files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Simple Exam Reviewer Management System version 1.0 **Description** The issue concerns a Cross Site Request Forgery (CSRF) vulnerability via the Exam List. This means an attacker could potentially trick a user into performing unintended actions on the system. **Recommendations** For Simple Exam Reviewer Management System version 1.0, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests. As a temporary workaround, restrict access to the Exam List feature until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Simple Exam Reviewer Management System version 1.0 **Description** The issue concerns Stored Cross Site Scripting (XSS) via the Exam List. This means an attacker can inject malicious scripts into the Exam List, which can then be executed by other users, potentially leading to unauthorized actions or data theft. **Recommendations** For Simple Exam Reviewer Management System version 1.0, consider disabling the Exam List feature until a patch is available to prevent exploitation of the Stored Cross Site Scripting (XSS) issue. Restrict access to the Exam List to minimize the risk of exploitation. Avoid using the Exam List until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Exam Reviewer Management System version 1.0 **Description** The issue concerns an insecure file upload in the Simple Exam Reviewer Management System. This allows for potential malicious file uploads, which could lead to various security issues. **Recommendations** For Simple Exam Reviewer Management System version 1.0, consider restricting or disabling file upload functionality until a proper fix is implemented to secure the file upload process.