Wacool

**Name of the Vulnerable Software and Affected Versions** rickxy Hospital Management System versions prior to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4 **Description** An unrestricted file upload issue exists in the admin panel. The problem occurs in the file '/backend/admin/his admin account.php' where manipulation of the `ad dpic` argument allows remote attackers to upload files without restrictions. **Recommendations** Update to a version later than 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. As a temporary workaround, restrict access to the file '/backend/admin/his admin account.php' or avoid using the `ad dpic` argument.

Name of the Vulnerable Software and Affected Versions tushar-2223 Hotel Management System versions up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15 Description A SQL injection issue exists in tushar-2223 Hotel Management System. The vulnerability is located in the `/admin/roomdelete.php` file, where manipulation of the `ID` argument can lead to SQL injection. Remote exploitation is possible. Recommendations Update to a version beyond bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Management System version 1.0 **Description** A security issue exists in itsourcecode Student Management System 1.0 related to the processing of the file '/enrollment/index.php'. Manipulation of the `ID` argument can lead to SQL injection, allowing for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.