Unknown · Anuj Kumar's Client Management System · CVE-2024-51209
**Name of the Vulnerable Software and Affected Versions**
Anuj Kumar's Client Management System version 1.2
**Description**
The issue allows local attackers to inject arbitrary web script or HTML via the `search input field` parameter to the admin search invoice page and the client search invoice page. This is a Cross-Site Scripting (XSS) issue.
**Recommendations**
For Anuj Kumar's Client Management System version 1.2, consider restricting access to the search input field parameter in the admin search invoice page and client search invoice page until a patch is available. As a temporary workaround, avoid using the `search input field` parameter in these pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
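Since no fixed version is known, the code-level mitigation for this class of issue is to encode the search term wherever a search page writes it back into HTML. The sketch below is an added example, not the application's own code: it assumes the pages are rendered in PHP, and every function name, field name and sample value in it is hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not the application's code. All names are hypothetical.

// Encode a value for HTML body and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Weak pattern: the search term is concatenated into the page unchanged,
// so any markup it contains is parsed by the browser.
function render_heading_unsafe(string $term): string
{
    return '<h4>Result against "' . $term . '" keyword</h4>';
}

// Corrected pattern: every reflected or stored value is encoded at output,
// both in the heading and in the input's value attribute.
function render_search_page(string $term, array $rows): string
{
    $html  = '<form method="post">';
    $html .= '<input type="text" name="search" value="' . e($term) . '">';
    $html .= '</form>';
    $html .= '<h4>Result against "' . e($term) . '" keyword</h4><table>';
    foreach ($rows as $row) {
        $html .= '<tr><td>' . e((string) $row['invoice_id']) . '</td>'
               . '<td>' . e($row['client']) . '</td></tr>';
    }
    return $html . '</table>';
}

// Constructed sample data: a term carrying markup and one invoice row.
$term = '"><b>test</b>';
$rows = [['invoice_id' => 1001, 'client' => 'Example & Sons <Ltd>']];

echo render_heading_unsafe($term), PHP_EOL;     // markup reaches the browser intact
echo render_search_page($term, $rows), PHP_EOL; // markup arrives as inert text
```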