Wengui

**Name of the Vulnerable Software and Affected Versions** Halo versions up to 2.21.10 **Description** A flaw exists in Halo, specifically within the Configuration Handler component. This issue involves the processing of the `/actuator` file and can lead to information disclosure. The attack can be carried out remotely and is considered to be of high complexity with difficult exploitability. The exploit for this issue has been publicly disclosed. The vendor was informed about the disclosure but did not provide a response. **API Endpoints** `/actuator` **Recommendations** Versions prior to 2.21.10 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Human Metapneumovirus Testing Management System version 1.0 **Description** A critical issue has been found in the processing of the file /profile.php. The manipulation of the argument `aid/adminname/mobilenumber/email` leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the /profile.php file until a patch is available. Avoid using the arguments `aid`, `adminname`, `mobilenumber`, and `email` in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Human Metapneumovirus Testing Management System version 1.0 **Description** A problematic issue was found in the Admin Profile Page component, specifically in the /profile.php file. The `email` argument is vulnerable to cross-site scripting manipulation, allowing for remote attacks. The exploit has been publicly disclosed. **Recommendations** For PHPGurukul Human Metapneumovirus Testing Management System version 1.0, consider restricting access to the /profile.php file until a patch is available. As a temporary workaround, avoid using the `email` argument in the affected Admin Profile Page component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Human Metapneumovirus Testing Management System version 1.0 **Description** A critical issue has been discovered in the Password Recovery Page component, specifically affecting the /password-recovery.php file. The manipulation of the `username` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For PHPGurukul Human Metapneumovirus Testing Management System version 1.0, as a temporary workaround, consider restricting access to the Password Recovery Page or disabling the password recovery functionality until a patch is available. Avoid using the `username` argument in the affected /password-recovery.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Human Metapneumovirus Testing Management System version 1.0 **Description** A critical vulnerability was found in the PHPGurukul Human Metapneumovirus Testing Management System. This issue affects unknown code of the file /check availability.php. The manipulation of the `mobnumber`/`employeeid` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/check availability.php` file until a patch is available. Avoid using the `mobnumber` and `employeeid` arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Pre-School Enrollment System versions up to 1.0 **Description** A critical issue was found in the system, affecting an unknown function of the file /admin/profile.php. The manipulation of the `fullname`, `emailid`, or `mobileNumber` arguments leads to SQL injection. This issue can be exploited remotely. **Recommendations** For PHPGurukul Pre-School Enrollment System versions up to 1.0, consider restricting access to the /admin/profile.php file until a fix is available. As a temporary workaround, avoid using the `fullname`, `emailid`, and `mobileNumber` arguments in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Pre-School Enrollment System version 1.0 **Description** A critical issue affects some unknown functionality of the file /admin/add-subadmin.php of the component Sub Admin Handler, leading to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the /admin/add-subadmin.php file until a patch is available. Restrict access to the Sub Admin Handler component to minimize the risk of exploitation. Avoid using the affected functionality of the Sub Admin Handler component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Library Management System version 3.0 **Description** A vulnerability was found in the PHPGurukul Online Library Management System, affecting an unknown functionality of the file /change-password.php. The manipulation of the `email/phone number` argument leads to weak password recovery. The attack can be launched remotely, with a rather high complexity, making exploitation difficult. **Recommendations** For PHPGurukul Online Library Management System version 3.0, consider disabling the password recovery function in the /change-password.php file until a patch is available. Restrict access to the /change-password.php file to minimize the risk of exploitation. Avoid using the `email/phone number` argument in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Pre-School Enrollment System version 1.0 **Description** A critical vulnerability was found in PHPGurukul Pre-School Enrollment System. The issue affects an unknown functionality of the file /admin/index.php. Manipulation of the `username` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For PHPGurukul Pre-School Enrollment System version 1.0, as a temporary workaround, consider restricting access to the `/admin/index.php` file until a patch is available. Avoid using the `username` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.