Dovankha

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Human Resource Management System version 1.0 **Description** The issue is related to Insecure Permissions, which can result in privilege escalation. **Recommendations** For Sourcecodester Human Resource Management System version 1.0, consider restricting access to sensitive features and modules to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Human Resource Management System version 1.0 **Description** The issue allows attackers to approve or reject leave tickets due to an insecure permission vulnerability in the /hrm/leaverequest.php file. **Recommendations** For version 1.0, restrict access to the /hrm/leaverequest.php file to minimize the risk of exploitation. Avoid using this file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Visitor Management System version 1.0 **Description** The issue allows attackers to execute arbitrary SQL commands, potentially leading to data exfiltration. This can be exploited remotely via the `id` parameter in the "/php-sqlite-vms/?page=manage visitor&id=1" API endpoint. **Recommendations** For SourceCodester Visitor Management System version 1.0, patch immediately and validate input to prevent exploitation. As a temporary workaround, consider restricting access to the "/php-sqlite-vms/?page=manage visitor&id=1" endpoint and validating the `id` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Human Resource Management System version 1.0 **Description** The issue allows for SQL Injection via the `leave` parameter. **Recommendations** For version 1.0, avoid using the `leave` parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.