Shubhamvpandey

**Name of the Vulnerable Software and Affected Versions** ProjectWorlds Hospital Management System version 1.0 **Description** A SQL injection issue exists in the login page, allowing a remote attacker to compromise the application's SQL database. **Recommendations** For ProjectWorlds Hospital Management System version 1.0, consider disabling the login functionality until a patch is available to prevent potential SQL injection attacks. Restrict access to the login page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EGavilan Media User-Registration-and-Login-System-With-Admin-Panel version 1.0 **Description** The issue allows a remote attacker to compromise the application's SQL database via SQL Injection in the `profile action` - `update user` function. This can lead to unauthorized access and manipulation of the database. **Recommendations** For EGavilan Media User-Registration-and-Login-System-With-Admin-Panel version 1.0, consider restricting access to the `profile action` - `update user` function until a patch is available to prevent SQL Injection attacks.

**Name of the Vulnerable Software and Affected Versions** EGavilan Media Contact-Form-With-Messages-Entry-Management version 1.0 **Description** The issue allows a remote attacker to compromise the application's SQL database via SQL Injection in the Addmessage.php file. This can be exploited by sending malicious input to the `Addmessage.php` endpoint, potentially allowing access to sensitive data. **Recommendations** For EGavilan Media Contact-Form-With-Messages-Entry-Management version 1.0, consider disabling the `Addmessage.php` file or restricting access to it until a patch is available to prevent SQL Injection attacks.

**Name of the Vulnerable Software and Affected Versions** EGavilan Media Expense-Management-System version 1.0 **Description** The issue allows a remote attacker to compromise the application's SQL database via SQL Injection. This is possible through the "/expense action.php" API endpoint. **Recommendations** For EGavilan Media Expense-Management-System version 1.0, consider restricting access to the "/expense action.php" endpoint until a patch is available. As a temporary workaround, avoid using user-inputted data in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.