Krishna Yadav

**Name of the Vulnerable Software and Affected Versions** Online Bus Booking System Project Using PHP/MySQL version 1.0 **Description** The issue allows remote attackers to bypass authentication and execute arbitrary SQL commands via the login page by placing a SQL injection payload. This can lead to attackers gaining admin privileges. **Recommendations** For Online Bus Booking System Project Using PHP/MySQL version 1.0, consider validating and sanitizing user input on the login page to prevent SQL injection attacks. As a temporary workaround, restrict access to the login page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Student Management System Project in PHP version 1.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the 'add subject' tab, allowing for stored XSS attacks. **Recommendations** For version 1.0, consider disabling the 'add subject' tab functionality until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to this feature to minimize the risk of cross-site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.