Outjinmswa

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hospitals Patient Records Management System version 1.0 **Description** A SQL injection flaw exists in the processing of the file "/classes/Master.php?f=save patient". The issue occurs when the `ID` argument is manipulated, allowing a remote attacker to execute unauthorized SQL commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Fees Management System versions prior to 1.1 **Description** A cross-site scripting issue exists in the `/navbar.php` file. Remote attackers can exploit this by manipulating the `page` argument, allowing the execution of malicious scripts in the victim's browser. **Recommendations** Update to a version later than 1.0. As a temporary workaround, restrict access to the `/navbar.php` file or sanitize the `page` argument to minimize the risk of exploitation.