Kr1Shna4Garwal

**Name of the Vulnerable Software and Affected Versions** Chamilo LMS versions prior to 1.11.34 **Description** Chamilo LMS is a learning management system. Prior to version 1.11.34, an unauthenticated SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands through the `custom dates` parameter. This can be chained with a predictable legacy password reset mechanism, enabling full administrative account takeover without prior credentials. The vulnerability also exposes the entire database, including Personally Identifiable Information (PII) and system configurations. **Recommendations** Versions prior to 1.11.34 should be updated to version 1.11.34 or later.

**Name of the Vulnerable Software and Affected Versions** jsonwebtoken versions prior to 10.3.0 **Description** A Type Confusion issue exists in jsonwebtoken, specifically within its claim validation logic. When a standard claim, such as 'nbf' or 'exp', is provided with an incorrect JSON type (like a String instead of a Number), the library marks the claim as “FailedToParse”. The validation logic then treats this “FailedToParse” state the same as “NotPresent”. Consequently, if a check is enabled (e.g., validate nbf = true) but the claim is not explicitly listed in required spec claims, the library skips the validation check entirely for the malformed claim, effectively treating it as if it were absent. This allows attackers to bypass critical time-based security restrictions, such as “Not Before” checks, potentially leading to authentication and authorization bypasses. The issue arises from the interaction between the TryParse enum and the validate function. The vulnerability impacts authentication systems and application stability. **Recommendations** Update to jsonwebtoken version 10.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** Manager-io/Manager versions 25.11.1.3085 and below **Description** Manager-io/Manager accounting software contains a critical flaw in its DNS validation mechanism. This flaw results in a Time-of-Check Time-of-Use (TOCTOU) condition, allowing attackers to bypass network isolation and gain unauthorized access to internal network resources, cloud metadata endpoints, and protected network segments. The Desktop edition does not require authentication, while the Server edition requires standard authentication. TOCTOU is a race condition where a check is performed on a resource, and then the resource is used, but in the time between the check and the use, the resource has been modified by another process. **Recommendations** Update Manager Desktop and Server to version 25.11.1.3086.

**Name of the Vulnerable Software and Affected Versions** TS3 Manager versions 2.2.1 and earlier **Description** TS3 Manager, a web interface for Teamspeak3 servers, contains a flaw that allows an unauthenticated attacker to terminate the application. This occurs by submitting specially crafted Unicode input to the Server field on the login page. The application improperly handles Unicode tag characters during ASCII conversion, leading to an unhandled exception and application crash within four to five seconds. **Recommendations** Update to version 2.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** TS3 Manager versions prior to 2.2.2 **Description** TS3 Manager, a web interface for Teamspeak3 servers, contains a reflected cross-site scripting issue. The problem resides in the login page's error handling, specifically when processing server hostnames. Malicious scripts within these hostnames can be executed in a user's browser due to insufficient sanitization. **Recommendations** Update to version 2.2.2 or later.

Name of the Vulnerable Software and Affected Versions: Hoverfly versions 1.11.3 and prior Description: Hoverfly’s admin WebSocket endpoint `/api/v2/ws/logs` lacks the authentication middleware present in the REST admin API. This allows an unauthenticated remote attacker to stream real-time application logs, potentially exposing sensitive data such as internal file paths and request/response bodies. Recommendations: Update to version 1.12.0 or later.

Name of the Vulnerable Software and Affected Versions: Hoverfly versions 1.11.3 and prior Description: Hoverfly is vulnerable to a command injection issue at the `/api/v2/hoverfly/middleware` endpoint due to insufficient validation and sanitization of user input. This vulnerability stems from a combination of flaws: insufficient input validation, unsafe command execution, and immediate execution during testing. An attacker can exploit this to gain remote code execution (RCE) on systems running the vulnerable Hoverfly service, potentially executing arbitrary commands with the privileges of the Hoverfly process. Recommendations: Update to version 1.12.0 or later.

**Name of the Vulnerable Software and Affected Versions** Manager-io/Manager versions up to and including 25.7.18.2519 **Description** Manager-io/Manager is accounting software with a critical unauthenticated Server-Side Request Forgery (SSRF) vulnerability identified in the proxy handler component. This vulnerability allows an unauthenticated attacker to bypass network isolation and access restrictions, potentially enabling access to internal services, cloud metadata endpoints, and the exfiltration of sensitive data from isolated network segments. **Recommendations** Update to version 25.7.21.2525 or later.

**Name of the Vulnerable Software and Affected Versions** PuneethReddyHC Online Shopping System Advanced version 1.0 **Description** A critical issue affects an unknown functionality of the file /admin/reg.php in the Admin Registration component, leading to improper authentication. This can be exploited remotely. **Recommendations** For PuneethReddyHC Online Shopping System Advanced version 1.0, consider restricting access to the /admin/reg.php file until a fix is available. As a temporary workaround, review and strengthen authentication mechanisms to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Resort Management System version 1.0 **Description** A vulnerability was found in the system, declared as problematic, affecting an unknown functionality. The manipulation of the `page` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For SourceCodester Resort Management System version 1.0, as a temporary workaround, consider restricting access to the argument `page` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Resort Reservation System version 1.0 **Description** A problematic vulnerability was found in the Manage Room Page component, specifically in the file ?page=rooms. The manipulation of the `Cottage Number` argument leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For version 1.0, consider disabling the functionality related to the `Cottage Number` argument in the ?page=rooms file until a patch is available. Restrict access to the Manage Room Page component to minimize the risk of exploitation. Avoid using the `Cottage Number` argument in the affected page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Advance Charity Management System version 1.0 PuneethReddyHC online-shopping-system-advanced version 1.0 **Description** A problematic issue was found in the affected software, specifically in the file addsuppliers.php, where the manipulation of the `First name` argument leads to cross site scripting. This issue can be initiated remotely. **Recommendations** For SourceCodester Advance Charity Management System version 1.0, consider disabling the `addsупpliers.php` file or restricting access to it until a patch is available. For PuneethReddyHC online-shopping-system-advanced version 1.0, avoid using the `First name` argument in the affected file until the issue is resolved. As a temporary workaround, restrict the use of the `addsупpliers.php` file to minimize the risk of exploitation.