Fortuneh2C

**Name of the Vulnerable Software and Affected Versions** sambitraj STUDENT-MANAGEMENT-SYSTEM version 1.0 **Description** A remote SQL injection exists within the Login Page component. This occurs when the `email` argument is manipulated, allowing an attacker to interfere with the database queries. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bootstrap CMS version 0.9.0-alpha **Description** An issue exists in the Page Creation Handler component within the file resources/views/pages/show.blade.php. Manipulation of the `body` argument allows for remote code injection, which is the execution of arbitrary code on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pagekit versions prior to 1.0.19 **Description** An issue exists in the `/index.php/admin/system/update/download` endpoint where manipulation of the `url` argument allows for server-side request forgery (SSRF), a flaw that enables an attacker to induce the server to make requests to an unintended location. This can be exploited remotely. **Recommendations** Update to a version later than 1.0.18. As a temporary workaround, restrict access to the `/index.php/admin/system/update/download` endpoint.