Mohammed Athif

**Name of the Vulnerable Software and Affected Versions** Phpgurukul Online Birth Certificate System version 1.0 **Description** A stored cross-site scripting (XSS) issue was identified in the /user/certificate-form.php endpoint via the `full name` field. This allows for malicious scripts to be stored and executed, potentially affecting users of the system. **Recommendations** For Phpgurukul Online Birth Certificate System version 1.0, consider disabling the /user/certificate-form.php endpoint or restricting access to it until a patch is available. Additionally, avoid using the `full name` field in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Phpgurukul Online Birth Certificate System version 1.0 **Description** The issue is related to insufficient password requirements, which can lead to unauthorized access to user accounts. This weakness in password rules can allow someone to access user accounts without permission. **Recommendations** For Phpgurukul Online Birth Certificate System version 1.0, consider implementing stronger password requirements to mitigate the risk of unauthorized access. As a temporary workaround, restrict access to sensitive features of the system until a more secure password policy is in place. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Birth Certificate System version 1.0 **Description** An insecure direct object reference (IDOR) vulnerability was discovered in the PHPGurukul Online Birth Certificate System. This issue resides in the `viewid` parameter of "/user/view-application-detail.php". Authenticated users can exploit this flaw by manipulating the `viewid` parameter in the URL to access sensitive birth certificate details of other users without proper authorization checks. **Recommendations** To resolve this issue, update PHPGurukul Online Birth Certificate System to a version that includes a fix for this vulnerability. As a temporary workaround, consider restricting access to the "/user/view-application-detail.php" endpoint to minimize the risk of exploitation. Avoid using the `viewid` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Birth Certificate System version 1.0 **Description** A stored HTML Injection issue was identified in the /user/certificate-form.php endpoint. This allows for the injection of malicious HTML code, potentially leading to security breaches. **Recommendations** For PHPGurukul Online Birth Certificate System version 1.0, consider disabling access to the /user/certificate-form.php endpoint until a patch is available to prevent exploitation of the stored HTML Injection vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGURUKUL Vehicle Parking Management System version 1.13 **Description** A SQL injection issue was found in the /users/view-detail.php endpoint, specifically affecting the `viewid` parameter. Improper input sanitization allows attackers to inject malicious SQL queries. **Recommendations** For PHPGURUKUL Vehicle Parking Management System version 1.13, consider disabling access to the /users/view-detail.php endpoint until a patch is available, or ensure proper input sanitization for the `viewid` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** PHPGURUKUL Vehicle Parking Management System version 1.13 **Description** A stored cross-site scripting (XSS) issue was identified in the /users/profile.php endpoint. This issue allows authenticated users to inject malicious XSS scripts into the `profile name` field. **Recommendations** For PHPGURUKUL Vehicle Parking Management System version 1.13, consider disabling the profile name field in the /users/profile.php endpoint until a patch is available. Restrict access to the /users/profile.php endpoint to minimize the risk of exploitation. Avoid using the `profile name` field in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.