Trysec

**Name of the Vulnerable Software and Affected Versions** code-projects Student Web Portal version 1.0 **Description** A flaw exists in code-projects Student Web Portal 1.0 that allows for remote execution of SQL injection. The issue is located in the file `/check user.php` and involves manipulation of the `Username` argument. The vulnerable component is an unknown function within this file. **Recommendations** Apply input validation and sanitization to the `Username` argument in the `/check user.php` file.

**Name of the Vulnerable Software and Affected Versions** DivvyDrive versions prior to 4.6.2.0 **Description** The issue is related to improper neutralization of input during web page generation, also known as cross-site scripting. This allows for stored XSS attacks. A stored cross-site scripting vulnerability in DivvyDrive's `aciklama` parameter could allow anyone to gain users' session information. **Recommendations** For versions prior to 4.6.2.0, update to version 4.6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `aciklama` parameter to minimize the risk of exploitation.