Shouvik Dutta

**Name of the Vulnerable Software and Affected Versions** phpgurukul Vehicle Record Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `searchinputdata` parameter at the "/index.php" API endpoint. **Recommendations** For phpgurukul Vehicle Record Management System version 1.0, consider restricting access to the `/index.php` API endpoint or avoiding the use of the `searchinputdata` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpgurukul Bus Pass Management System version 1.0 **Description** The issue is a Cross-site scripting (XSS) vulnerability found in the /admin/pass-bwdates-reports-details.php file via `fromdate` and `todate` parameters. This allows for potential malicious script injection. **Recommendations** For phpgurukul Bus Pass Management System version 1.0, consider disabling access to the /admin/pass-bwdates-reports-details.php file until a patch is available. As a temporary workaround, restrict the use of the `fromdate` and `todate` parameters in the affected API endpoint to minimize the risk of exploitation.