Rashidkhan Pathan

**Name of the Vulnerable Software and Affected Versions** Efs Software Easy Chat Server version 3.1 **Description** The issue allows attackers to execute arbitrary code via a crafted DLL, exploiting a DLL hijacking vulnerability through the `TextShaping.dll` component. **Recommendations** For Efs Software Easy Chat Server version 3.1, consider restricting access to the `TextShaping.dll` component until a patch is available. As a temporary workaround, avoid using the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Blood Donor Management System version 1.0 **Description** The issue allows attackers to access all user data, delete users, add and manage Blood Group, and submit reports due to improper access restrictions to the "admin/dashboard.php" endpoint. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For PHPGurukul Blood Donor Management System version 1.0, consider restricting access to the "admin/dashboard.php" endpoint until a patch is available. As a temporary workaround, limit the functionality of the admin dashboard to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Record Management System using CodeIgniter version 1.0 **Description** The issue allows attackers to access and modify user data due to an access control problem in the /Admin/dashboard.php endpoint. **Recommendations** For Record Management System using CodeIgniter version 1.0, consider restricting access to the /Admin/dashboard.php endpoint until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Record Management System using CodeIgniter version 1.0 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Add Subject" page. **Recommendations** For Record Management System using CodeIgniter version 1.0, consider validating and sanitizing user input to prevent the injection of malicious payloads into the Add Subject page as a temporary workaround until a patch is available. Restrict access to the Add Subject page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Password Storage Application in PHP/OOP and MySQL version 1.0 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities can be exploited via the `Name`, `Username`, `Description`, and `Site Feature` parameters. **Recommendations** For version 1.0, consider validating and sanitizing user input for the `Name`, `Username`, `Description`, and `Site Feature` parameters to prevent XSS attacks. As a temporary workaround, restrict access to these parameters until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sourcecodester Event Registration App version 1.0 **Description** The issue concerns multiple CSV injection vulnerabilities found in the Sourcecodester Event Registration App. These vulnerabilities are exploited via the `First Name`, `Contact`, and `Remarks` fields, allowing attackers to execute arbitrary code by using a crafted Excel file. **Recommendations** For Sourcecodester Event Registration App version 1.0, consider restricting input in the `First Name`, `Contact`, and `Remarks` fields to prevent CSV injection attacks until a patch is available. As a temporary workaround, avoid using these fields or limit their use to trusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Clinic's Patient Management System version 1.0 **Description** The issue allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in `users.php`. This enables remote code execution. **Recommendations** For Clinic's Patient Management System version 1.0, consider disabling the profile picture upload functionality in `users.php` until a patch is available to prevent the upload of arbitrary PHP webshells. Restrict access to the `users.php` file to minimize the risk of exploitation. Avoid using the profile picture upload feature until the issue is resolved.