Unknown · Computer Laboratory Management System · CVE-2024-34224
**Name of the Vulnerable Software and Affected Versions**
Computer Laboratory Management System version 1.0
**Description**
The issue is a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the `firstname`, `middlename`, and `lastname` parameters of the `/php-lms/classes/Users.php?f=save` API endpoint.
**Recommendations**
For Computer Laboratory Management System version 1.0, as a temporary workaround, consider validating and sanitizing the `firstname`, `middlename`, and `lastname` parameters to prevent injection of malicious scripts. Restrict access to the `/php-lms/classes/Users.php?f=save` endpoint until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
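
One way to apply the validation and sanitization workaround to the three affected parameters, shown as an added PHP example that is not the application's own code. The helper names, the allowed character set, the 50-character limit, and treating `middlename` as optional are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not the application's own code) for the three
// name fields the advisory lists as injectable.
const NAME_FIELDS = ['firstname', 'middlename', 'lastname'];

// Allowlist validation: letters, combining marks, space, period, apostrophe
// and hyphen, 1 to 50 characters (assumed limits). Returns the trimmed value,
// or null when the value must be rejected.
function validate_name(string $raw, bool $required = true): ?string
{
    $value = trim($raw);
    if ($value === '') {
        return $required ? null : '';
    }
    // The /u flag makes the pattern Unicode-aware and fails on invalid UTF-8.
    if (preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\'\-]{0,49}\z/u', $value) !== 1) {
        return null;
    }
    return $value;
}

// Validates all three fields of a request array; returns [clean, rejected].
function validate_user_names(array $input): array
{
    $clean = [];
    $rejected = [];
    foreach (NAME_FIELDS as $field) {
        $raw = $input[$field] ?? '';
        // Assumption: only middlename may be left empty.
        $value = is_string($raw) ? validate_name($raw, $field !== 'middlename') : null;
        if ($value === null) {
            $rejected[] = $field;
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $rejected];
}

// Output encoding for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request, shaped like the $_POST array of the save endpoint.
$sample = ['firstname' => 'Anne-Marie', 'middlename' => '', 'lastname' => '<b>O\'Neil</b>'];
[$clean, $rejected] = validate_user_names($sample);
echo 'accepted: ', implode(', ', array_keys($clean)), PHP_EOL;
echo 'rejected: ', implode(', ', $rejected), PHP_EOL;
echo 'encoded:  ', h($sample['lastname']), PHP_EOL;
```

Validation on save and encoding on output cover different cases: the allowlist blocks new markup from being stored, while `h()` neutralizes any values that were stored before the check was in place.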