
Nelson Fernandes

Researcher from The Missing Link Security
#16615 of 53,630
16.2 Total CVSS
Vulnerabilities · 2
High
2
PT-2022-20193
8.6
2022-10-31
Red Os · Red Os · CVE-2022-3059
**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned.

**Description** The issue allows for SQL injection, both authenticated and unauthenticated, through a vulnerable parameter. This parameter can be used to craft and inject complex SQL commands due to stacked query support. Additionally, a sleep-based inferential SQL injection technique can be employed to extract data from the database.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2022-24676
7.6
2022-10-31
Schoolbox Pty · Schoolbox · CVE-2022-39020
**Name of the Vulnerable Software and Affected Versions** No specific software or versions mentioned.

**Description** The application is affected by multiple instances of cross-site scripting (XSS), including both stored and reflected XSS. Vulnerable features include student assessment submission, file upload, news, ePortfolio, and calendar event creation.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.