Unknown · Filebrowser · CVE-2026-25889
**Name of the Vulnerable Software and Affected Versions**
File Browser versions prior to 2.57.1
**Description**
File Browser offers a file management interface for tasks such as uploading, deleting, previewing, renaming, and editing files. A case-sensitivity flaw in the password validation process allows an authenticated user to change their own password (or, for an administrator, any user's password) without supplying the current password. The bypass is triggered by sending the field as a capitalised `Password` in the API request instead of the lowercase `password`, which skips the current-password verification. An attacker who holds a valid JSON Web Token (JWT), obtained for example through cross-site scripting (XSS) or session hijacking, can use this to take over the account. The vulnerable parameter is `password`. The affected API endpoint is not explicitly mentioned.
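How a bypass of this shape can arise, as an added Go illustration that is not File Browser's code and makes no claim about its actual root cause: a JSON decoder that accepts `Password` for a field tagged `password`, beside a presence check that compares the key exactly, followed by a hardened variant that decides from the decoded value. The names `changeRequest`, `vulnerableParse` and `hardenedParse` are hypothetical.

```go
package main

import "encoding/json"

// Constructed illustration of the bug class, not File Browser's code.
// encoding/json matches object keys to struct fields case-insensitively,
// so {"Password": "..."} fills a field tagged `json:"password"`. A
// presence check on the raw object that compares the key exactly will
// therefore disagree with what the decoder accepted.

// changeRequest is the decoded body of a hypothetical "modify user" call.
type changeRequest struct {
	Password string `json:"password"`
}

// vulnerableParse returns the new password the decoder extracted and
// whether the handler would demand the current password. For a
// capitalised key the value is accepted but the check is skipped.
func vulnerableParse(body []byte) (newPassword string, requireCurrent bool, err error) {
	var req changeRequest
	if err = json.Unmarshal(body, &req); err != nil {
		return "", false, err
	}
	var raw map[string]json.RawMessage
	if err = json.Unmarshal(body, &raw); err != nil {
		return "", false, err
	}
	_, requireCurrent = raw["password"] // exact-case lookup misses "Password"
	return req.Password, requireCurrent, nil
}

// hardenedParse decides from the decoded value itself: whatever key
// spelling the decoder accepted, a non-nil pointer means the password
// is being changed and the current password must be verified.
func hardenedParse(body []byte) (newPassword string, requireCurrent bool, err error) {
	var req struct {
		Password *string `json:"password"`
	}
	if err = json.Unmarshal(body, &req); err != nil {
		return "", false, err
	}
	if req.Password == nil {
		return "", false, nil
	}
	return *req.Password, true, nil
}
```

The general lesson for reviewers is that any "is this field being changed" decision must be made on the same representation the decoder produced, never on a separate raw-key lookup with different matching rules.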
**Recommendations**
Update to version 2.57.1 or later.