Mehmetcan Topal

**Name of the Vulnerable Software and Affected Versions** Pre-School Enrollment version 1.0 **Description** The issue allows for SQL Injection via the `username` parameter in the "preschool/admin/" page. This could potentially lead to unauthorized access or manipulation of data. **Recommendations** For Pre-School Enrollment version 1.0, consider restricting access to the "preschool/admin/" page until a fix is available, and avoid using the `username` parameter in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pre-School Enrollment version 1.0 **Description** The issue concerns a Cross Site Scripting (XSS) vulnerability. It occurs on the `profile.php` page via the `fullname` parameter. This allows for potential malicious script injection, affecting the security of the system. **Recommendations** For Pre-School Enrollment version 1.0, consider restricting access to the `profile.php` page or validating and sanitizing the `fullname` parameter to prevent XSS attacks. As a temporary workaround, avoid using the `fullname` parameter in the affected page until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.