Emirhan Mutlu

**Name of the Vulnerable Software and Affected Versions** Computer Laboratory Management System version 1.0 **Description** The issue allows for SQL Injection via the "id" parameter of the "/admin/?page=user/manage user&id=6" API endpoint. This means an attacker could potentially inject malicious SQL code using the `id` variable. **Recommendations** For Computer Laboratory Management System version 1.0, as a temporary workaround, consider restricting access to the "/admin/?page=user/manage user&id=6" API endpoint until a patch is available. Avoid using the `id` parameter in this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Computer Laboratory Management System version 1.0 **Description** The issue concerns SQL Injection via the `id` parameter of the "/admin/damage/view damage.php" API endpoint. **Recommendations** For Computer Laboratory Management System version 1.0, consider restricting access to the "/admin/damage/view damage.php" endpoint until a patch is available, and avoid using the `id` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Computer Laboratory Management System version 1.0 **Description** The issue allows for SQL Injection via the `id` parameter of the "/admin/item/view item.php" API endpoint. **Recommendations** For Computer Laboratory Management System version 1.0, avoid using the `id` parameter in the "/admin/item/view item.php" endpoint until the issue is resolved. Consider temporarily restricting access to this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Computer Laboratory Management System version 1.0 **Description** A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary JavaScript code by including malicious payloads into `remarks`, `borrower name`, `faculty department` parameters in "/classes/Master.php?f=save record" API endpoint. **Recommendations** For Computer Laboratory Management System version 1.0, consider disabling the parameters `remarks`, `borrower name`, `faculty department` in the "/classes/Master.php?f=save record" API endpoint until a patch is available. Restrict access to the Master.php file to minimize the risk of exploitation. Avoid using the parameters `remarks`, `borrower name`, `faculty department` in the affected API endpoint until the issue is resolved.