Hiran

**Name of the Vulnerable Software and Affected Versions** SourceCodester Patients Waiting Area Queue Management System version 1.0 **Description** A weakness exists in SourceCodester Patients Waiting Area Queue Management System 1.0. The issue involves improper authorization due to manipulation of the `patient id` argument within an unknown function of the `/checkin.php` file. This allows for remote exploitation. The exploit has been publicly released. **Recommendations** Apply any available updates or patches for version 1.0. As a temporary workaround, restrict access to the `/checkin.php` file or the function handling the `patient id` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pet Grooming Management Software version 1.0 **Description** An improper authorization issue exists in the User Creation Handler component of the software. This can be triggered by manipulating the file `add user.php`. The attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pet Grooming Management Software version 1.0 **Description** A flaw exists in the Financial Report Page component of the software that allows for improper authorization. This can be exploited remotely by an attacker. The exploit is publicly available. The vulnerability allows for an unauthenticated remote authorization bypass. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-based Pharmacy Product Management System version 1.0 **Description** A weakness exists in SourceCodester Web-based Pharmacy Product Management System version 1.0 that can lead to session expiration. Remote exploitation is possible, but the complexity of an attack is considered high and exploitability is difficult. The exploit has been made publicly available. The affected component is unknown. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.