Jok3R

**Name of the Vulnerable Software and Affected Versions** EasyPMS version 1.0.0 **Description** The software contains an authentication bypass that permits unauthorized access to admin user information. Attackers can manipulate SQL queries within JSON requests due to weak input validation. Specifically, injecting single quotes into ID parameters allows modification of admin user passwords without valid token authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Pearson VUE VTS Installer version 2.3.1911 Description: The issue concerns the Application Wrapper in Pearson VUE VTS Installer, which has Full Control permissions for Everyone in the "%SYSTEMDRIVE%Pearson VUE" directory. This allows local users to obtain administrative privileges via a Trojan horse application. Recommendations: For Pearson VUE VTS Installer version 2.3.1911, consider restricting access to the "%SYSTEMDRIVE%Pearson VUE" directory to prevent local users from exploiting the Full Control permissions and obtaining administrative privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.