Ugurkarakoc

**Name of the Vulnerable Software and Affected Versions** Online Nurse Hiring System version 1.0 **Description** A stored cross-site scripting (XSS) issue in the /admin/profile.php component allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `fullname` parameter. This enables the execution of malicious scripts or HTML code. **Recommendations** For Online Nurse Hiring System version 1.0, consider disabling access to the /admin/profile.php component until a patch is available, and restrict the use of the `fullname` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Online Nurse Hiring System version 1.0 **Description** A SQL injection issue was discovered in the /admin/profile.php component through the `fullname` parameter. This allows for potential exploitation. **Recommendations** For Online Nurse Hiring System version 1.0, consider disabling access to the /admin/profile.php component until a patch is available. Restrict input for the `fullname` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Nurse Hiring System version 1.0 **Description** The issue is related to multiple SQL injection vulnerabilities found in the /admin/add-nurse.php component of the system. These vulnerabilities can be exploited via the `gender` and `emailid` parameters. **Recommendations** For Online Nurse Hiring System version 1.0, consider disabling access to the /admin/add-nurse.php component until a patch is available. As a temporary workaround, restrict the use of the `gender` and `emailid` parameters in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpgurukul Online Nurse Hiring System version 1.0 **Description** A SQL injection issue was found in the /admin/index.php endpoint of the phpgurukul Online Nurse Hiring System, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database via the `username` parameter. **Recommendations** For phpgurukul Online Nurse Hiring System version 1.0, consider disabling access to the /admin/index.php endpoint until a patch is available, and restrict the use of the `username` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.