Riamloo

**Name of the Vulnerable Software and Affected Versions** E Learning Script version 1.0 **Description** The software contains an authentication bypass that allows unauthorized access to the dashboard without valid credentials. This is achieved by manipulating login parameters in the `/login.php` file. Specifically, a crafted payload of `'=''or'` bypasses authentication. **Recommendations** Apply a fix to the `/login.php` file to prevent authentication bypass through manipulated login parameters.

**Name of the Vulnerable Software and Affected Versions** BloodX version 1.0 **Description** An authentication bypass exists in the 'login.php' endpoint. Attackers can gain unauthorized access to the dashboard without valid credentials by sending a crafted payload using the `=''or` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.