Noflag

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Security Guards Hiring System version 1.0 **Description** The issue is related to SQL Injection, which can be exploited via the "osghs/admin/search.php" API endpoint. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For PHPGurukul Online Security Guards Hiring System version 1.0, consider restricting access to the `osghs/admin/search.php` endpoint until a patch is available. As a temporary workaround, avoid using user-inputted data in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Faculty Evaulation System version 1.0 **Description** The issue allows an attacker to execute arbitrary code via a crafted payload to the `page` parameter. This is a Cross Site Scripting vulnerability in the Faculty Evaulation System using PHP/MySQLi. **Recommendations** For Faculty Evaulation System version 1.0, consider validating and sanitizing user input for the `page` parameter to prevent the execution of arbitrary code. As a temporary workaround, restrict access to the `page` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** e107 version 2.3.2 **Description** The issue allows a remote attacker to execute arbitrary code via the description function in the SEO project. This is a Cross Site Scripting vulnerability. **Recommendations** For e107 version 2.3.2, consider disabling the description function in the SEO project as a temporary workaround until a patch is available. Restrict access to the SEO project to minimize the risk of exploitation. Avoid using the description field in the SEO project until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Online Pizza Ordering System version 1.0 **Description** The issue is related to a Cross-site scripting (XSS) vulnerability. This vulnerability is located in the "/admin/index.php?page=categories" endpoint, specifically in the Category item. **Recommendations** For Sourcecodester Online Pizza Ordering System version 1.0, consider restricting access to the "/admin/index.php?page=categories" endpoint until a fix is available. As a temporary workaround, avoid using the Category item in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Projectworlds Online Art Gallery Project version 1.0 **Description** The issue allows unauthenticated users to perform arbitrary file uploads via the "adminHome.php" page. However, it is noted that the validity of this issue has been disputed. **Recommendations** For Projectworlds Online Art Gallery Project version 1.0, as a temporary workaround, consider restricting access to the "adminHome.php" page to prevent arbitrary file uploads until the dispute is resolved or a patch is available.

**Name of the Vulnerable Software and Affected Versions** KodExplorer version 4.51 **Description** The issue concerns a Cross-Site Scripting (XSS) vulnerability located in the Description box of the Light App creation feature. An attacker can exploit this by injecting XSS syntax into the `Description` field. **Recommendations** For KodExplorer version 4.51, as a temporary workaround, consider restricting user input in the Description field of the Light App creation feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.