Topsky979

**Name of the Vulnerable Software and Affected Versions** Mini Inventory and Sales Management System version commit 18aa3d **Description** A cross-site scripting (XSS) issue in the /email/welcome.php component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Title` parameter. This enables the execution of malicious code on the victim's browser. **Recommendations** For Mini Inventory and Sales Management System version commit 18aa3d, consider restricting access to the /email/welcome.php component until a patch is available. As a temporary workaround, avoid using the `Title` parameter in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hotel Management System (affected versions not specified) **Description** A Cross-Site Request Forgery (CSRF) issue in the `admin room added.php` component of the Hotel Management System allows attackers to escalate privileges. This issue is related to commit `91caab8`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** School Management System version bae5aa **Description** A SQL injection issue was discovered in the School Management System, allowing unauthorized data access and manipulation via the `sid` parameter at the "/search.php?action=2" endpoint. This issue can be exploited to gain unauthorized access to sensitive data. **Recommendations** For School Management System version bae5aa, patch the system immediately and review logs for signs of exploit to minimize the risk of data manipulation. As a temporary workaround, consider restricting access to the "/search.php?action=2" endpoint until a patch is available. Avoid using the `sid` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Hotel Management System (affected versions not specified) **Description** A Cross-Site Request Forgery (CSRF) issue in the `admin room removed.php` component of the Hotel Management System allows attackers to escalate privileges. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hotel Management System version commit 91caab8 **Description** The issue is a SQL injection vulnerability via the `room type` parameter at the "admin room removed.php" endpoint. This vulnerability allows for potential exploitation. **Recommendations** For Hotel Management System version commit 91caab8, consider restricting access to the "admin room removed.php" endpoint until a patch is available. As a temporary workaround, avoid using the `room type` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hotel Management System (affected versions not specified) **Description** A Cross-Site Request Forgery (CSRF) issue in the `admin modify room.php` component of the Hotel Management System allows attackers to escalate privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hotel Management System version commit 91caab8 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `book id` parameter at the "admin modify room.php" endpoint. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For Hotel Management System version commit 91caab8, consider restricting access to the "admin modify room.php" endpoint until a patch is available. As a temporary workaround, avoid using the `book id` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Blood Bank And Donation Management System (affected versions not specified) **Description** A cross-site scripting (XSS) vulnerability in the component `update page details.php` allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Page Details` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pharmacy Management System version a2efc8 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `invoice number` parameter at the "sales report.php" endpoint. **Recommendations** For version a2efc8, consider restricting access to the "sales report.php" endpoint until a patch is available. As a temporary workaround, avoid using the `invoice number` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pharmacy Management System version a2efc8 **Description** The issue is a SQL injection vulnerability. It can be exploited via the `invoice number` parameter at the "preview.php" endpoint. **Recommendations** For version a2efc8, consider restricting access to the "preview.php" endpoint until a patch is available. As a temporary workaround, avoid using the `invoice number` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ERP commit 44bd04 **Description** An arbitrary file upload vulnerability allows attackers to execute arbitrary code via uploading a crafted HTML file. **Recommendations** For ERP commit 44bd04, consider restricting the upload functionality to prevent the execution of arbitrary code until a patch is available. As a temporary workaround, restrict access to the file upload feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ERP (affected versions not specified) **Description** A SQL injection vulnerability was discovered in ERP commit 44bd04. The issue is related to the `id` parameter at the "/index.php/basedata/inventory/delete?action=delete" endpoint. This allows for potential SQL injection attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ERP version 44bd04 **Description** A SQL injection issue was discovered via the `id` parameter at the "/index.php/basedata/contact/delete?action=delete" endpoint. This allows for potential exploitation. **Recommendations** For ERP version 44bd04, consider restricting access to the "/index.php/basedata/contact/delete?action=delete" endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** School Management System (affected versions not specified) **Description** The issue is related to a SQL injection vulnerability. It occurs via the `password` parameter at the "login.php" endpoint. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hotel Management System (affected versions not specified) **Description** A SQL injection vulnerability was discovered in the Hotel Management System via the `room type` parameter at the "admin room added.php" endpoint. This issue allows for potential SQL injection attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** School Management System (affected versions not specified) **Description** A SQL injection issue was discovered in the School Management System, specifically via the `transport` parameter at the "vehicle.php" endpoint. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** School Management System (affected versions not specified) **Description** The issue is related to a SQL injection vulnerability. It occurs via the `medium` parameter at the "paidclass.php" endpoint. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** School Management System (affected versions not specified) **Description** A SQL injection issue was found in the School Management System via the `medium` parameter at the "admininsert.php" endpoint. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** School Management System (affected versions not specified) **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `medium` parameter at the "insertattendance.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hotel Management System version 91caab8 **Description** A SQL injection vulnerability was discovered in the Hotel Management System via the `book id` parameter at the "admin room history.php" endpoint. This issue allows for potential unauthenticated remote exploitation. Administrators should review logs for signs of compromise. **Recommendations** For Hotel Management System version 91caab8, consider disabling access to the "admin room history.php" endpoint until a patch is available. Restrict the use of the `book id` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.