Geraldo Alcântara

**Name of the Vulnerable Software and Affected Versions** Customer Support System version 1.0 **Description** The issue allows a remote attacker to escalate privileges via a crafted script using parameters such as `firstname`, `lastname`, `middlename`, `contact`, and `address`. **Recommendations** For Customer Support System version 1.0, consider disabling the use of the `firstname`, `lastname`, `middlename`, `contact`, and `address` parameters in scripts until a patch is available. Restrict access to sensitive areas of the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** School Fees Management System version 1.0 **Description** A Cross Site Scripting (XSS) issue allows a remote attacker to execute arbitrary code via a crafted payload to the main settings component in the `phone`, `address`, `bank`, `acc name`, `acc number` parameters, `new class` and `cname` parameter, `add new parent` function in the `name` and `email` parameters, `new term` function in the `tname` parameter, and the `edit student` function in the `name` parameter. **Recommendations** As a temporary workaround, consider disabling the `main settings` component and the `add new parent`, `new term`, and `edit student` functions until a patch is available. Restrict access to the vulnerable parameters `phone`, `address`, `bank`, `acc name`, `acc number`, `name`, `email`, `cname`, and `tname` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Student Attendance System version 1.0 **Description** The issue allows a remote attacker to execute arbitrary code via a crafted payload to the `id` parameter in the "student form.php" and "class form.php" pages. This enables the attacker to inject malicious SQL code, potentially leading to unauthorized access or data manipulation. **Recommendations** For Simple Student Attendance System version 1.0, consider disabling the `id` parameter in the affected pages until a patch is available. Restrict access to the "student form.php" and "class form.php" pages to minimize the risk of exploitation. Avoid using the `id` parameter in these pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Student Attendance System version 1.0 **Description** A Cross Site Scripting (XSS) issue allows a remote attacker to execute arbitrary code via a crafted payload to the `page` or `class month` parameter in the "/php-attendance/attendance report" component. This enables the attacker to perform unauthorized actions on the system. **Recommendations** For Simple Student Attendance System version 1.0, as a temporary workaround, consider disabling access to the "/php-attendance/attendance report" component until a patch is available. Restrict input to the `page` and `class month` parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Customer Support System version 1.0 **Description** The issue concerns multiple SQL injection vulnerabilities in the /customer support/ajax.php?action=save ticket endpoint via `department id`, `customer id`, and `subject`. This allows for potential exploitation. **Recommendations** For version 1.0, consider disabling the `/customer support/ajax.php?action=save ticket` endpoint until a patch is available. Restrict access to the `department id`, `customer id`, and `subject` parameters in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Customer Support System version v1 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `email` parameter at the "/customer support/ajax.php" API endpoint. **Recommendations** For Customer Support System version v1, consider restricting access to the "/customer support/ajax.php" endpoint until a patch is available. As a temporary workaround, avoid using the `email` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Customer Support System version v1 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `username` parameter at the "/customer support/ajax.php?action=login" API endpoint. **Recommendations** For Customer Support System version v1, consider disabling the login functionality at the "/customer support/ajax.php?action=login" endpoint until a patch is available. Restrict access to the `username` parameter in the affected API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Customer Support System version v1 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `lastname` parameter at the "/customer support/ajax.php?action=save user" API endpoint. **Recommendations** For Customer Support System version v1, consider restricting access to the `/customer support/ajax.php?action=save user` API endpoint until a patch is available. As a temporary workaround, avoid using the `lastname` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Customer Support System version v1 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/customer support/manage department.php" API endpoint. **Recommendations** For Customer Support System version v1, consider restricting access to the "/customer support/manage department.php" endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Customer Support System version v1 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/customer support/index.php?page=edit customer" API endpoint. **Recommendations** For Customer Support System version v1, consider restricting access to the "/customer support/index.php?page=edit customer" endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Customer Support System version v1 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `subject` parameter at the "/customer support/ajax.php?action=save ticket" API endpoint. **Recommendations** For Customer Support System version v1, consider restricting access to the "/customer support/ajax.php?action=save ticket" API endpoint until a patch is available. As a temporary workaround, avoid using the `subject` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Customer Support System version v1 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `firstname` parameter at "/customer support/index.php?page=customer list". **Recommendations** For Customer Support System version v1, as a temporary workaround, consider restricting access to the `/customer support/index.php?page=customer list` endpoint until a patch is available. Avoid using the `firstname` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Customer Support System version v1 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `email` parameter at "/customer support/index.php?page=customer list". This enables attackers to potentially steal user data or take control of user sessions. **Recommendations** For Customer Support System version v1, as a temporary workaround, consider restricting access to the "/customer support/index.php?page=customer list" endpoint until a patch is available. Avoid using the `email` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Customer Support System version v1 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `contact` parameter at "/customer support/index.php?page=customer list". **Recommendations** For Customer Support System version v1, as a temporary workaround, consider restricting access to the "/customer support/index.php?page=customer list" endpoint until a patch is available. Avoid using the `contact` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Customer Support System version v1 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `subject` parameter at "/customer support/index.php?page=new ticket". **Recommendations** For Customer Support System version v1, as a temporary workaround, consider restricting access to the "/customer support/index.php?page=new ticket" endpoint until a patch is available. Avoid using the `subject` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Customer Support System version v1 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `address` parameter at "/customer support/index.php?page=new customer". **Recommendations** For Customer Support System version v1, consider restricting access to the "/customer support/index.php?page=new customer" endpoint until a patch is available. As a temporary workaround, avoid using the `address` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Book Store Management System version 1.0 **Description** The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `category` parameter in the "/bsms ci/index.php/category" API endpoint. This enables the execution of malicious code on the client-side. **Recommendations** For Book Store Management System version 1.0, as a temporary workaround, consider restricting access to the "/bsms ci/index.php/category" API endpoint to minimize the risk of exploitation. Avoid using the `category` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Customer Support System version v1 **Description** A directory listing issue allows attackers to list directories and sensitive files within the application without requiring authorization. **Recommendations** For Customer Support System version v1, consider restricting access to sensitive directories and files to minimize the risk of exploitation. As a temporary workaround, review and adjust the application's authorization settings to ensure proper access controls are in place.

**Name of the Vulnerable Software and Affected Versions** Best Student Result Management System version 1.0 **Description** A directory listing issue allows attackers to list directories and sensitive files within the application without requiring authorization. **Recommendations** For Best Student Result Management System version 1.0, restrict access to sensitive directories and files to prevent unauthorized listing. Consider implementing proper access controls to mitigate the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** School Fees Management System version 1.0 **Description** A directory listing issue allows attackers to list directories and sensitive files within the application without requiring authorization. **Recommendations** For School Fees Management System version 1.0, consider restricting access to sensitive directories and files to minimize the risk of exploitation. As a temporary workaround, review and adjust the application's configuration to require proper authorization for directory listings.