Harish Kumar

**Name of the Vulnerable Software and Affected Versions** CodeAstro Complaint Management System version 1.0 **Description** The issue allows a remote attacker to escalate privileges via the delete e.php component. **Recommendations** For CodeAstro Complaint Management System version 1.0, consider disabling access to the delete e.php component until a patch is available. Restricting access to this component can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Notes Sharing Management System version 1.0 **Description** An IDOR vulnerability in the edit-notes.php module allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's information. **Recommendations** For PHPGurukul Online Notes Sharing Management System version 1.0, consider disabling the edit-notes.php module until a patch is available to prevent unauthorized note modifications. Restrict access to the edit-notes.php module to minimize the risk of exploitation. Avoid using the module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Notes Sharing Management System version 1.0 **Description** The issue is related to an IDOR vulnerability in the manage-notes.php module, which lacks authorization checks. This allows unauthorized users to delete notes belonging to other accounts, enabling attackers to delete another user's information. **Recommendations** For PHPGurukul Online Notes Sharing Management System version 1.0, consider disabling the manage-notes.php module until a patch is available to prevent unauthorized note deletion. Restrict access to this module to minimize the risk of exploitation. Avoid using the manage-notes.php module for sensitive information until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Complaint Management System version 1.0 **Description** An issue in CodeAstro Complaint Management System allows a remote attacker to escalate privileges via the "mess-view.php" component. **Recommendations** For CodeAstro Complaint Management System version 1.0, consider disabling the "mess-view.php" component until a patch is available to prevent privilege escalation.

**Name of the Vulnerable Software and Affected Versions** CodeAstro's Complaint Management System version 1.0 **Description** An IDOR issue in the Complaint Management System enables an attacker to execute arbitrary code and obtain sensitive information. This is achieved via the delete.php file by modifying the `id` parameter. **Recommendations** For CodeAstro's Complaint Management System version 1.0, consider disabling access to the delete.php file as a temporary workaround until a patch is available. Restrict modification of the `id` parameter to minimize the risk of exploitation.