Shubham Pandey

**Name of the Vulnerable Software and Affected Versions** Employee Management System version 1.0 **Description** The issue allows attackers to run arbitrary SQL commands via the `admin id` parameter in "update-admin.php". This can potentially lead to unauthorized access and manipulation of database content. **Recommendations** For Employee Management System version 1.0, consider restricting access to the "update-admin.php" endpoint until a patch is available. As a temporary workaround, avoid using the `admin id` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Petrol Pump Management Software version 1.0 **Description** The issue allows an attacker to execute arbitrary code via a crafted payload to the `Address` parameter in the "add invoices.php" component. This enables the attacker to perform Cross Site Scripting attacks. **Recommendations** For Petrol Pump Management Software version 1.0, consider restricting access to the "add invoices.php" component until a patch is available, and avoid using the `Address` parameter in this component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Petrol Pump Management Software version 1.0 **Description** The issue allows an attacker to execute arbitrary code via a crafted payload to the `image` parameter in the "profile.php" component. This is a Cross Site Scripting vulnerability. **Recommendations** For Petrol Pump Management Software version 1.0, consider disabling the `image` parameter in the profile.php component until a patch is available. Restrict access to the profile.php component to minimize the risk of exploitation. Avoid using the `image` parameter in the affected component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Petrol Pump Mangement Software version 1.0 **Description** The issue allows an attacker to execute arbitrary code via a crafted payload to the `email address` parameter in the "index.php" component. This enables the attacker to inject malicious SQL code, potentially leading to unauthorized access or data manipulation. **Recommendations** For Petrol Pump Mangement Software version 1.0, consider restricting access to the "index.php" component to minimize the risk of exploitation. As a temporary workaround, avoid using the `email address` parameter in the affected component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Petrol Pump Management Software version 1.0 **Description** The issue allows an attacker to execute arbitrary code via a crafted payload to the `email Image` parameter in the `profile.php` component. This is a File Upload vulnerability. **Recommendations** For Petrol Pump Management Software version 1.0, as a temporary workaround, consider restricting access to the `profile.php` component to minimize the risk of exploitation. Avoid using the `email Image` parameter in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESDS Emagic Data Center Management Suit (affected versions not specified) **Description** The issue is caused by a lack of input sanitization in the Ping component of the ESDS Emagic Data Center Management Suit. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system, potentially allowing the execution of arbitrary code on the targeted system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" **Description** The issue is related to Cross-Site Scripting (XSS) and can be exploited via the admin->Maintenance>Device Management section. This allows for potential malicious script execution. **Recommendations** For Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42", consider restricting access to the admin->Maintenance>Device Management section until a fix is available. As a temporary workaround, avoid using the Device Management feature in the Maintenance section of the admin interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.