Sourcecodester · Sourcecodester Packers/Movers Management System · CVE-2024-57523
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Packers and Movers Management System version 1.0
**Description**
The issue allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user. This is due to a Cross-Site Request Forgery (CSRF) vulnerability in the Users.php file.
**Recommendations**
For SourceCodester Packers and Movers Management System version 1.0, consider implementing proper CSRF protection mechanisms, such as tokens, to prevent unauthorized requests. As a temporary workaround, restrict access to the Users.php file and the functionality to create new admin accounts to minimize the risk of exploitation.
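
One way to implement the token recommendation in PHP, shown as an added example that is not the application's own code. The helper names, the `csrf_token` field name and the call sites are assumptions, since the page does not show the contents of Users.php.

```php
<?php
declare(strict_types=1);
// Added example: session-bound synchronizer token. All names are hypothetical.

function csrf_start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // SameSite=Strict keeps the session cookie off cross-site requests (PHP 7.3+).
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
        session_start();
    }
}

function csrf_token(): string
{
    csrf_start_session();
    if (empty($_SESSION['csrf_token'])) {
        // 256 bits from the CSPRNG, stored server-side for the life of the session.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to embed in every form that changes state (e.g. the add-user form).
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Call before any database write; rejects the request unless the token matches.
function csrf_require_valid(): void
{
    csrf_start_session();
    $sent     = $_POST['csrf_token'] ?? ($_SERVER['HTTP_X_CSRF_TOKEN'] ?? '');
    $expected = $_SESSION['csrf_token'] ?? '';
    $ok = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'   // no state change over GET
        && is_string($sent) && $expected !== ''
        && hash_equals($expected, $sent);                 // constant-time comparison
    if (!$ok) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}

// Hypothetical call sites:
//   form template:          echo csrf_field();
//   user-creation handler:  csrf_require_valid();  // first line, before the INSERT
```

The check has to run on every state-changing action, not only account creation, and the token should be regenerated at login together with the session ID.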