Madhur Jain

**Name of the Vulnerable Software and Affected Versions** SourceCodester Blood Bank Management System version 1.0 **Description** A critical issue affects the processing of the file login.php, where the manipulation of the `username` and `password` arguments leads to SQL injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Blood Bank Management System version 1.0, consider temporarily restricting access to the login.php file until a patch is available. As a mitigation measure, avoid using the `username` and `password` arguments in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Blood Bank Management System version 1.0 **Description** A problematic vulnerability has been found in the User Registration Handler component. The issue affects an unknown function of the file index.php?page=users. The manipulation of the `Name` argument leads to cross-site scripting. It is possible to launch the attack remotely. **Recommendations** For version 1.0, consider disabling the User Registration Handler component until a patch is available. Restrict access to the index.php?page=users file to minimize the risk of exploitation. Avoid using the `Name` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester School Dormitory Management System version 1.0 **Description** A critical vulnerability was found in the Admin Login component, which leads to sql injection. The attack can be launched remotely. The manipulation affects an unknown functionality of this component. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the Admin Login component until a patch is available. Avoid using any functionality that may trigger sql injection in the affected component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.