Jadu101

**Name of the Vulnerable Software and Affected Versions** Project Worlds Online Time Table Generator version 1.0 **Description** A critical vulnerability was found in the Project Worlds Online Time Table Generator. The issue affects an unknown functionality of the file "/timetable/staff/staffdashboard.php?info=updateprofile". The manipulation of the argument `n` leads to SQL injection. The attack can be launched remotely. **Recommendations** For Project Worlds Online Time Table Generator version 1.0, as a temporary workaround, consider restricting access to the "/timetable/staff/staffdashboard.php?info=updateprofile" endpoint until a patch is available. Avoid using the argument `n` in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Project Worlds Simple Web-Based Chat Application version 1.0 **Description** A vulnerability was found in the file /index.php, where the manipulation of the `Name/Comment` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For Project Worlds Simple Web-Based Chat Application version 1.0, as a temporary workaround, consider restricting the use of the `Name/Comment` argument in the /index.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Project Worlds Online Time Table Generator version 1.0 **Description** A critical issue has been found in the software, affecting an unknown function of the file /timetable/admin/admindashboard.php?info=add course. The manipulation of the argument `c` leads to sql injection. It is possible to launch the attack remotely. **Recommendations** For Project Worlds Online Time Table Generator version 1.0, as a temporary workaround, consider restricting access to the `/timetable/admin/admindashboard.php?info=add course` endpoint to minimize the risk of exploitation. Avoid using the argument `c` in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Vehicle Record System version 1.0 **Description** A problematic issue was found in the PHPGurukul Vehicle Record System, affecting an unknown part of the file /admin/edit-brand.php. The manipulation of the `Brand Name` argument leads to cross-site scripting. It is possible to initiate the attack remotely. The issue has been disclosed to the public and may be used. There is a mention of the parameter `phone number` being affected, but this might be a mistake due to the textbox field label being `Brand Name`. **Recommendations** For PHPGurukul Vehicle Record System version 1.0, consider disabling the editing functionality in the /admin/edit-brand.php file until a patch is available to prevent cross-site scripting attacks. Restrict access to the `Brand Name` field to minimize the risk of exploitation. Avoid using the `Brand Name` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Project Worlds Student Project Allocation System version 1.0 **Description** A critical issue has been found in the Project Selection Page component, specifically in the /student/project selection/remove project.php file. The manipulation of the `no` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Project Worlds Student Project Allocation System version 1.0, consider restricting access to the /student/project selection/remove project.php file until a patch is available. As a temporary workaround, avoid using the `no` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Project Worlds Simple Web-Based Chat Application version 1.0 **Description** A critical issue has been found in the application, affecting an unknown functionality of the file /index.php. The manipulation of the `username` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Project Worlds Simple Web-Based Chat Application version 1.0, consider restricting access to the /index.php file until a patch is available. As a temporary workaround, avoid using the `username` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Project Worlds Student Project Allocation System version 1.0 **Description** A critical issue was found in the Project Selection Page component, specifically in the file /student/project selection/move up project.php. The manipulation of the `up` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Project Worlds Student Project Allocation System version 1.0, consider restricting access to the /student/project selection/move up project.php file until a patch is available. As a temporary workaround, avoid using the `up` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Project Worlds Student Project Allocation System version 1.0 **Description** A critical issue was found in the Project Selection Page component, specifically in the /student/project selection/project selection.php file. The manipulation of the `project id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Project Worlds Student Project Allocation System version 1.0, consider restricting access to the `project id` argument in the affected API endpoint until a patch is available. As a temporary workaround, avoid using the `project id` argument in the /student/project selection/project selection.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul IFSC Code Finder Project version 1.0 **Description** A vulnerability has been found in the PHPGurukul IFSC Code Finder Project, affecting unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul IFSC Code Finder Project version 1.0, consider disabling the `search.php` file or restricting access to it until a patch is available. As a temporary workaround, avoid using the file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Boat Booking System version 1.0 **Description** A critical issue was found in the PHPGurukul Boat Booking System. It affects an unknown functionality of the file /admin/profile.php of the component My Profile Page. The manipulation of the arguments `sadminusername`, `fullname`, `emailid`, and `mobilenumber` leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Boat Booking System version 1.0, as a temporary workaround, consider disabling the affected functionality in the /admin/profile.php file until a patch is available. Restrict access to the vulnerable My Profile Page component to minimize the risk of exploitation. Avoid using the parameters `sadminusername`, `fullname`, `emailid`, and `mobilenumber` in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Boat Booking System version 1.0 **Description** A problematic vulnerability has been found in the PHPGurukul Boat Booking System, affecting the `session start` function. This issue leads to session fixation and can be exploited remotely. The exploit has been publicly disclosed and may be used. **Recommendations** For PHPGurukul Boat Booking System version 1.0, consider disabling the `session start` function as a temporary workaround until a patch is available. Restrict access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Boat Booking System version 1.0 **Description** A vulnerability was found in the PHPGurukul Boat Booking System. It affects an unknown part of the file `book-boat.php?bid=1` of the component Book a Boat Page. The manipulation of the `phone number` argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Boat Booking System version 1.0, consider disabling the `book-boat.php` page or restricting access to it until a patch is available. As a temporary workaround, avoid using the `phone number` argument in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Boat Booking System version 1.0 **Description** A problematic vulnerability was found in the PHPGurukul Boat Booking System. This issue affects the /admin/book-details.php file of the Booking Details Page component. The manipulation of the `Official Remark` argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Boat Booking System version 1.0, as a temporary workaround, consider restricting access to the `/admin/book-details.php` page until a patch is available. Additionally, avoid using the `Official Remark` argument in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Boat Booking System version 1.0 **Description** A critical issue has been found in the PHPGurukul Boat Booking System, affecting the file /admin/edit-subadmin.php of the component Edit Subdomain Details Page. The manipulation of the arguments `sadminusername`, `fullname`, `emailid`, and `mobilenumber` leads to SQL injection. The attack can be initiated remotely. It is assumed that multiple parameters are affected, not just `mobilenumber` as initially mentioned. **Recommendations** For PHPGurukul Boat Booking System version 1.0, consider disabling the Edit Subdomain Details Page or restricting access to the /admin/edit-subadmin.php file until a patch is available. As a temporary workaround, avoid using the parameters `sadminusername`, `fullname`, `emailid`, and `mobilenumber` in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Boat Booking System version 1.0 **Description** A critical issue affects the file /admin/password-recovery.php of the component Reset Your Password Page. The manipulation of the `username` argument leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Boat Booking System version 1.0, as a temporary workaround, consider disabling the password recovery functionality until a patch is available. Restrict access to the /admin/password-recovery.php file to minimize the risk of exploitation. Avoid using the `username` argument in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Boat Booking System version 1.0 **Description** A critical issue was found in the PHPGurukul Boat Booking System, affecting the file change-image.php of the component Update Boat Image Page. The manipulation of the `image` argument leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Boat Booking System version 1.0, consider disabling the image upload functionality in the Update Boat Image Page until a patch is available. Restrict access to the change-image.php file to minimize the risk of exploitation. Avoid using the `image` argument in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Boat Booking System version 1.0 **Description** A critical issue has been found in the PHPGurukul Boat Booking System, affecting some unknown functionality of the file /admin/bwdates-report-details.php of the component BW Dates Report Page. The manipulation of the arguments `fdate` and `tdate` leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Boat Booking System version 1.0, as a temporary workaround, consider restricting access to the /admin/bwdates-report-details.php file until a patch is available. Avoid using the parameters `fdate` and `tdate` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Boat Booking System version 1.0 **Description** A critical issue has been found in the Sign In Page component of the PHPGurukul Boat Booking System, specifically in the /admin/index.php file. The manipulation of the `username` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For PHPGurukul Boat Booking System version 1.0, as a temporary workaround, consider restricting access to the `/admin/index.php` file or disabling the Sign In Page component until a patch is available. Avoid using the `username` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Boat Booking System version 1.0 **Description** A critical issue was found in the PHPGurukul Boat Booking System, affecting some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the `emailid` argument leads to SQL injection. The attack may be launched remotely. **Recommendations** For PHPGurukul Boat Booking System version 1.0, as a temporary workaround, consider restricting access to the `status.php` file or disabling the Check Booking Status Page functionality until a patch is available. Avoid using the `emailid` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Boat Booking System version 1.0 **Description** A critical issue has been found in the PHPGurukul Boat Booking System, affecting an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the `nopeople` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For PHPGurukul Boat Booking System version 1.0, as a temporary workaround, consider validating and sanitizing the `nopeople` argument in the book-boat.php file to prevent SQL injection attacks. Restrict access to the book-boat.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.