
Wawan Firmansyah

#20463 of 53,638
12.5 CVSS total
Vulnerabilities · 2
Medium: 1
High: 1
PT-2006-6773
7.5
2006-11-28
Unknown · Sisfo Kampus · CVE-2006-6137
**Name of the Vulnerable Software and Affected Versions**
Sisfo Kampus version 0.8

**Description**
The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the `exec` parameter to "index.php" or the `print` parameter to "print.php", which is also accessible via the print command to "index.php".

**Recommendations**
For Sisfo Kampus version 0.8, consider restricting access to the `exec` parameter in "index.php" and the `print` parameter in "print.php" to minimize the risk of exploitation. Additionally, avoid using the print command to "index.php" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2006-6774
5.0
2006-11-28
Unknown · Sisfo Kampus · CVE-2006-6138
**Name of the Vulnerable Software and Affected Versions**
Sisfo Kampus version 0.8

**Description**
The issue allows remote attackers to list arbitrary directories via an absolute pathname in the `dir` parameter in the "download.php" file. This is a directory traversal vulnerability.

**Recommendations**
For Sisfo Kampus version 0.8, restrict access to the "download.php" file to minimize the risk of exploitation. Avoid using absolute pathnames in the `dir` parameter until the issue is resolved.