Mountain Ghost

**Name of the Vulnerable Software and Affected Versions** code-projects Student File Management System version 1.0 **Description** An improper authorization issue exists in the File Download Handler component of code-projects Student File Management System version 1.0. The issue is due to the manipulation of the `store id` argument within the `/download.php` file. This allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Student File Management System version 1.0 **Description** A flaw exists in Student File Management System version 1.0 that allows for remote code execution. The issue is related to SQL injection within the `/download.php` file, specifically through manipulation of the `istore id` parameter. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Student File Management System version 1.0 **Description** A security issue has been identified in code-projects Student File Management System version 1.0. The issue affects an unknown part of the file `/save file.php`. Manipulation of the `File` argument allows for unrestricted file upload, and the attack can be executed remotely. The exploit for this issue has been publicly disclosed. Elevated activity targeting this system has been observed. **Recommendations** Apply restrictions to the `/save file.php` file to prevent unrestricted file uploads.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Management System version 1.0 **Description** A flaw exists in itsourcecode Student Management System 1.0 that allows for SQL injection. The issue is located in the `/update subject.php` file, specifically through manipulation of the `ID` argument within an unknown function. This allows for remote execution of attacks. The exploit has been publicly disclosed. **Recommendations** Apply updates to address the issue in the `/update subject.php` file. As a temporary workaround, restrict access to the `ID` parameter in the `/update subject.php` file.