Sospiro

**Name of the Vulnerable Software and Affected Versions** Hospital Management System version 1.0 **Description** The issue allows attackers to manipulate user parameters for unauthorized access and modifications via a crafted POST request to "/patient/edit-user.php". This is related to an Insecure Direct Object References (IDOR) vulnerability. **Recommendations** For Hospital Management System version 1.0, as a temporary workaround, consider restricting access to the "/patient/edit-user.php" endpoint until a patch is available. Avoid using user parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Doctor Appointment Management System version 1.0 **Description** A critical issue has been found in the PHPGurukul Doctor Appointment Management System, affecting some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the `editid` argument leads to improper control of resource identifiers. The attack can be launched remotely. The issue has been publicly disclosed and may be exploited. **Recommendations** For PHPGurukul Doctor Appointment Management System version 1.0, as a temporary workaround, consider restricting access to the /doctor/view-appointment-detail.php file until a patch is available. Avoid using the `editid` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Doctor Appointment Management System version 1.0 **Description** A problematic issue was found in the PHPGurukul Doctor Appointment Management System, affecting an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the `fromdate` and `todate` arguments leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For PHPGurukul Doctor Appointment Management System version 1.0, consider disabling the functionality related to the `appointment-bwdates-reports-details.php` file until a patch is available. Restrict access to the arguments `fromdate` and `todate` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PuneethReddyHC Event Management version 1.0 **Description** The issue allows attackers to run arbitrary SQL commands via the `event id` parameter in a crafted POST request to the "/event-management-master/backend/register.php" API endpoint. This enables attackers to potentially extract or modify sensitive data. **Recommendations** For version 1.0, consider disabling the `event id` parameter in the "/event-management-master/backend/register.php" API endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `event id` parameter in crafted POST requests to this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PuneethReddyHC Event Management version 1.0 **Description** A problematic vulnerability has been found in the software. The issue affects an unknown function of the file /backend/register.php. The manipulation of the arguments `event id`, `full name`, `email`, `mobile`, `college`, or `branch` leads to cross-site scripting. It is possible to launch the attack remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For PuneethReddyHC Event Management version 1.0, as a temporary workaround, consider restricting access to the /backend/register.php file until a patch is available. Avoid using the arguments `event id`, `full name`, `email`, `mobile`, `college`, or `branch` in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Computer Laboratory Management System version 1.0 **Description** A vulnerability was found in the SourceCodester Computer Laboratory Management System, affecting unknown code of the file /classes/SystemSettings.php?f=update settings. The manipulation of the `name` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For version 1.0, consider disabling access to the /classes/SystemSettings.php?f=update settings file until a patch is available. Restrict the manipulation of the `name` argument to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Computer Laboratory Management System version 1.0 **Description** A critical vulnerability has been found in the SourceCodester Computer Laboratory Management System. This issue affects an unknown part of the file config.php. The manipulation of the `url` argument leads to execution after redirect, allowing for remote initiation of the attack. The exploit has been disclosed to the public. **Recommendations** For version 1.0, consider restricting access to the config.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `url` argument in sensitive operations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Image Accordion Gallery App version 1.0 **Description** A critical issue affects the /endpoint/add-image.php file, where the manipulation of the `image name` argument leads to unrestricted upload. This can be initiated remotely. The issue has been publicly disclosed and may be exploited. **Recommendations** For SourceCodester Image Accordion Gallery App version 1.0, consider restricting access to the /endpoint/add-image.php file until a fix is available. As a temporary workaround, limit the upload functionality to prevent unrestricted file uploads. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Computer Laboratory Management System version 1.0 **Description** A critical issue has been found in the function `save users` of the file /classes/Users.php?f=save, where the manipulation of the argument `id` leads to improper authorization. The attack can be launched remotely. **Recommendations** For SourceCodester Computer Laboratory Management System version 1.0, consider disabling the `save users` function until a patch is available to prevent improper authorization. Restrict access to the /classes/Users.php?f=save file to minimize the risk of exploitation. Avoid using the argument `id` in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Computer Laboratory Management System version 1.0 **Description** A problematic issue was found in the system, affecting an unknown part of the file /classes/Users.php?f=save. The manipulation of the `middlename` argument leads to cross-site scripting. It is possible to initiate the attack remotely. **Recommendations** For version 1.0, consider disabling the `middlename` argument in the /classes/Users.php?f=save file as a temporary workaround until a patch is available. Restrict access to the affected file to minimize the risk of exploitation. Avoid using the `middlename` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Phpgurukul User Registration & Login and User Management System version 3.1 **Description** The issue is related to user input validation in the bwdates-report-result.php file. It retrieves user-provided date inputs without proper validation, making it susceptible to SQL injection attacks. **Recommendations** For Phpgurukul User Registration & Login and User Management System version 3.1, consider validating all user-provided inputs, especially date inputs, to prevent SQL injection attacks. As a temporary workaround, restrict access to the bwdates-report-result.php file until a proper fix is applied.