Vasilvk

**Name of the Vulnerable Software and Affected Versions** phpgurukul Online Banquet Booking System version 1.2 **Description** The issue allows an attacker to execute arbitrary code via the "/obbs/change-password.php" file of the My Account - Change Password component. This could potentially lead to unauthorized access and control of the system. **Recommendations** For phpgurukul Online Banquet Booking System version 1.2, consider disabling access to the "/obbs/change-password.php" file until a patch is available to prevent arbitrary code execution. Restrict access to the My Account - Change Password component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul User Registration & Login and User Management System version 3.3 **Description** A critical issue was found in the /loginsystem/change-password.php file of the user panel's Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover. **Recommendations** For PHPGurukul User Registration & Login and User Management System version 3.3, consider disabling the Change Password component until a patch is available to prevent session hijacking attacks. Restrict access to the /loginsystem/change-password.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.