Moasim

**Name of the Vulnerable Software and Affected Versions** SourceCodester Gas Agency Management System version 1.0 **Description** A flaw exists due to improper access controls in the processing of the `/gasmark/php action/createUser.php` file. This allows for unauthorized creation of accounts. The issue is potentially exploitable remotely, and an exploit has been published. The vulnerable parameter is not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Medical Certificate Generator App version 1.0 **Description** A cross-site request forgery issue exists in SourceCodester Medical Certificate Generator App version 1.0. Remote exploitation is possible, and the exploit has been publicly disclosed. The affected component is currently unknown. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Pet Grooming Management Software version 1.0 **Description** A flaw exists in the User Management component of the software, specifically within the file `/admin/operation/user.php`. Manipulation of the `group id` argument can lead to improper authorization. This issue can be exploited remotely. The exploit is publicly available. **Recommendations** Apply any available updates or patches for version 1.0. As a temporary workaround, restrict access to the `/admin/operation/user.php` file. Avoid using the `group id` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul News Portal version 1.0 **Description** An improper authorization issue exists in the Add Sub-Admin Page of PHPGurukul News Portal. This flaw is located in an unknown function within the '/admin/add-subadmins.php' file and allows for remote attacks. The exploit for this issue is publicly available. **Recommendations** Apply any available updates or patches to address the improper authorization in the '/admin/add-subadmins.php' file. As a temporary workaround, restrict access to the '/admin/add-subadmins.php' file to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul News Portal version 1.0 **Description** A security flaw exists in PHPGurukul News Portal that allows for cross-site request forgery. This issue is triggered by manipulating an unknown function and can be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BiggiDroid Simple PHP CMS version 1.0 **Description** A flaw exists in BiggiDroid Simple PHP CMS that allows for unrestricted file uploads. This issue affects an unknown function within the `/admin/editsite.php` file. The manipulation of the `image` argument enables attackers to upload files remotely. The exploit for this issue has been publicly released. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.