Sniffedpcs

**Name of the Vulnerable Software and Affected Versions** Garage Management System version 1.0 **Description** The issue is related to a lack of filtering in the file upload function, allowing an attacker to upload a PHP Reverse Shell and gain Remote Code Execution (RCE) during the process of adding parts. **Recommendations** For Garage Management System version 1.0, consider disabling the file upload function until a patch is available to prevent exploitation. Restrict access to the upload functionality to minimize the risk of RCE attacks. Avoid using the file upload feature in the parts addition process until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Garage Management System version 1.0 **Description** A stored cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `name` parameter in the "/client.php" API endpoint. **Recommendations** For Garage Management System version 1.0, consider disabling the `/client.php` endpoint or restricting access to it until a fix is available, and avoid using the `name` parameter in this endpoint to minimize the risk of exploitation.