Cptsticky

#18497 of 53,635
14.6 Total CVSS
Vulnerabilities · 2 (Medium: 1, Critical: 1)
PT-2021-18564
9.8
2021-04-02
Latrix · Latrix · CVE-2021-30000
**Name of the Vulnerable Software and Affected Versions**
LATRIX version 0.6.0

**Description**
An issue was discovered that leads to SQL injection in the `txtaccesscode` parameter of `inandout.php`, resulting in information disclosure and code execution.

**Recommendations**
For LATRIX version 0.6.0, consider restricting access to the `inandout.php` endpoint or avoiding the use of the `txtaccesscode` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-18391
4.8
2021-03-31
Coursems · Coursems · CVE-2021-29663
**Name of the Vulnerable Software and Affected Versions**
CourseMS version 2.1

**Description**
The issue allows an attacker with Admin account access to create a Job Title in the Site area, specifically through the `name` parameter in `admin/add jobs.php`, and insert a cross-site scripting (XSS) payload. This payload will execute when anyone visits the registration page.

**Recommendations**
For CourseMS version 2.1, consider restricting access to the `admin/add jobs.php` endpoint to prevent attackers from inserting XSS payloads through the `name` parameter until a fix is available. As a temporary workaround, monitor and validate all input for the `name` parameter in the `admin/add jobs.php` endpoint to prevent XSS payload insertion.