Clausius Fan

**Name of the Vulnerable Software and Affected Versions** Chanjet CRM versions up to 20250510 **Description** A critical vulnerability was found in Chanjet CRM, affecting the file "/activity/newActivityedit.php" with the `gblOrgID` argument, leading to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Chanjet CRM versions up to 20250510, as a temporary workaround, consider restricting access to the "/activity/newActivityedit.php" endpoint until a patch is available. Avoid using the `gblOrgID` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Student Clearance System version 1.0 **Description** A vulnerability has been found in the SourceCodester Online Student Clearance System, affecting some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Online Student Clearance System version 1.0, consider implementing security measures to prevent cross-site request forgery attacks, such as validating user requests and ensuring proper authentication mechanisms are in place. As a temporary workaround, consider restricting access to sensitive functionalities until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.