Xu-17

Name of the Vulnerable Software and Affected Versions: cdevroe unmark versions up to 1.9.3 Description: A vulnerability exists in cdevroe unmark, potentially allowing for cross site scripting. The issue involves unknown processing of the file `/application/controllers/Marks.php`. Manipulation of the `Title` argument can lead to exploitation. The exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: eCharge Hardy Barth Salia PLCC version 2.2.0 Description: A security flaw exists in eCharge Hardy Barth Salia PLCC 2.2.0 related to unrestricted upload. The issue affects processing of the file `/api.php`. Manipulation of the `setrfidlist` argument allows for unrestricted upload and may be performed remotely. The exploit has been publicly released. The vendor was contacted but did not respond. Recommendations: As a temporary workaround, consider restricting access to the `/api.php` file. Avoid using the `setrfidlist` argument in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A cross site scripting issue exists in MiczFlor RPi-Jukebox-RFID. The vulnerability affects unknown code within the `/htdocs/userScripts.php` file. Manipulation of the `Custom script` argument can lead to exploitation. The attack can be carried out remotely. Recommendations: Versions prior to 2.8.0 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WhatCD Gazelle versions prior to 63b337026d49b5cf63ce4be20fdabdc880112fa3 Description: A vulnerability exists in WhatCD Gazelle that allows for cross-site scripting. The issue is located in an unknown function within the `/sections/tools/managers/change log.php` file of the Commit Message Handler component. Manipulation of the `Message` argument can be used to perform the attack remotely. The exploit has been publicly disclosed. Recommendations: Update WhatCD Gazelle to a version prior to 63b337026d49b5cf63ce4be20fdabdc880112fa3.

Name of the Vulnerable Software and Affected Versions: cdevroe unmark versions up to 1.9.3 Description: A vulnerability exists in cdevroe unmark up to version 1.9.3. The issue affects an unknown part of the file `/application/controllers/Marks.php` and allows for server-side request forgery through manipulation of the `url` argument. This attack can be launched remotely. The exploit is publicly available. The vendor was contacted but did not respond. Recommendations: Update cdevroe unmark to a version later than 1.9.3. As a temporary workaround, restrict or disable access to the `/application/controllers/Marks.php` file. Avoid using the `url` parameter in the affected file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: cdevroe unmark versions up to 1.9.3 Description: A flaw has been found in cdevroe unmark. This issue affects unknown code within the `application/views/layouts/topbar/searchform.php` file. Manipulation of the `q` parameter can lead to cross-site scripting. Remote exploitation is possible. The exploit has been published. Recommendations: Update cdevroe unmark to a version later than 1.9.3.

**Name of the Vulnerable Software and Affected Versions** codesiddhant Jasmin Ransomware version 1.0.1 **Description** A critical vulnerability was found in codesiddhant Jasmin Ransomware. The issue affects an unknown function of the file /checklogin.php. The manipulation of the `username` and `password` arguments leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond. **Recommendations** As a temporary workaround, consider disabling the affected function in the /checklogin.php file until a patch is available. Restrict access to the /checklogin.php file to minimize the risk of exploitation. Avoid using the `username` and `password` arguments in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** codesiddhant Jasmin Ransomware versions up to 1.0.1 **Description** A critical vulnerability has been found in codesiddhant Jasmin Ransomware, affecting an unknown functionality of the file /dashboard.php. The manipulation of the `Search` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond. **Recommendations** For codesiddhant Jasmin Ransomware versions up to 1.0.1, as a temporary workaround, consider disabling access to the /dashboard.php file or restricting the use of the `Search` argument until a patch is available. Avoid using the `Search` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Hospital Management System version 1.0 **Description** A critical vulnerability was found in the Campcodes Hospital Management System. The issue affects an unknown function of the file /admin/registration.php. The manipulation of the `full name` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Campcodes Hospital Management System version 1.0, consider disabling the /admin/registration.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `full name` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Campcodes Hospital Management System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown functionality of the file /registration.php. The manipulation of the `full name` and `username` arguments leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Campcodes Hospital Management System version 1.0, consider restricting access to the /registration.php file until a patch is available. As a temporary workaround, avoid using the `full name` and `username` arguments in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Fire Reporting System version 1.2 **Description** A critical issue was found in the PHPGurukul Online Fire Reporting System. This issue affects the file `/admin/edit-team.php` and is related to the manipulation of the `teamid` argument, leading to SQL injection. The attack can be initiated remotely. **Recommendations** For PHPGurukul Online Fire Reporting System version 1.2, consider restricting access to the `/admin/edit-team.php` file until a patch is available. As a temporary workaround, avoid using the `teamid` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Campcodes Hospital Management System version 1.0 **Description** A critical issue was found in the system, affecting some unknown functionality of the file /user-login.php. The manipulation of the `Username` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For Campcodes Hospital Management System version 1.0, consider restricting access to the /user-login.php file until a patch is available. As a temporary workaround, avoid using the `Username` argument in the affected file to minimize the risk of exploitation.