Ko-Kn3T

**Name of the Vulnerable Software and Affected Versions** PHPGurukul hostel-management-system version 2.1 **Description** The issue allows for XSS attacks through various input fields, including `Guardian Name`, `Guardian Relation`, `Guardian Contact no`, `Address`, or `City`. **Recommendations** For PHPGurukul hostel-management-system version 2.1, consider validating and sanitizing user input for the `Guardian Name`, `Guardian Relation`, `Guardian Contact no`, `Address`, and `City` fields to prevent XSS attacks. As a temporary workaround, restrict user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul hospital-management-system-in-php version 4.0 **Description** The issue allows for XSS attacks via several endpoints, including "admin/patient-search.php", "doctor/search.php", "book-appointment.php", "doctor/appointment-history.php", or "admin/appointment-history.php". **Recommendations** For PHPGurukul hospital-management-system-in-php version 4.0, consider disabling access to the mentioned endpoints until a patch is available. Restrict access to "admin/patient-search.php", "doctor/search.php", "book-appointment.php", "doctor/appointment-history.php", and "admin/appointment-history.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Bus Booking System version 1.0 **Description** The issue concerns a problem where an attacker can inject malicious code through the `name` parameter in the "book now.php" endpoint. This allows for potential exploitation. **Recommendations** For SourceCodester Online Bus Booking System version 1.0, consider validating and sanitizing user input for the `name` parameter in the "book now.php" file to prevent code injection. As a temporary workaround, restrict access to the "book now.php" endpoint until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Bus Booking System version 1.0 **Description** The issue concerns an authentication bypass on the Admin Login screen. This is achieved through SQL injection in the `username` or `password` fields in the admin.php file. **Recommendations** For SourceCodester Online Bus Booking System version 1.0, consider implementing proper input validation and sanitization to prevent SQL injection attacks, and ensure that authentication mechanisms are secure to prevent bypass.

**Name of the Vulnerable Software and Affected Versions** PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 **Description** The issue concerns SQL Injection via the "zms/animal-detail.php" endpoint. This allows for potential manipulation of database queries. **Recommendations** For PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0, consider restricting access to the "zms/animal-detail.php" endpoint until a patch is available. As a temporary workaround, avoid using user-inputted data in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Simple Library Management System version 1.0 **Description** The issue is related to Incorrect Access Control, which can be exploited via the Login Panel. The vulnerable endpoint is "http://<site>/lms/admin.php". **Recommendations** For Sourcecodester Simple Library Management System version 1.0, consider restricting access to the admin.php endpoint until a proper fix is applied. As a temporary workaround, review and strengthen the access control mechanisms for the Login Panel to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Simple Library Management System version 1.0 **Description** The issue concerns insecure permissions, specifically via the "Books > New Book" feature, accessible through the "/lms/index.php?page=books" API endpoint. **Recommendations** For Sourcecodester Simple Library Management System version 1.0, consider restricting access to the "Books > New Book" feature until a proper fix is applied, to minimize the risk of exploitation.