Yosheep

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Small CRM version 4.0 **Description** A flaw exists in PHPGurukul Small CRM 4.0 within an unknown functionality of the `/registration.php` file. Manipulation of the `Username` parameter can lead to cross-site scripting, allowing for remote attacks. The exploit has been published. **Recommendations** Apply any available updates or patches for PHPGurukul Small CRM version 4.0. As a temporary workaround, sanitize or restrict the input accepted by the `Username` parameter in the `/registration.php` file.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Hotel Reservation System version 1.0 **Description** A SQL injection issue exists in the file `/admin/edituser.php`. Manipulation of the `userid` argument may allow for remote exploitation. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/edituser.php` file to minimize the risk of exploitation. Avoid using the `userid` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Hotel Reservation System version 1.0 **Description** A security flaw has been discovered that allows for remote SQL injection via manipulation of the `address` argument in the file `/admin/updateabout.php`. The exploit has been released to the public and may be exploited. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/updateabout.php` file until a patch is available. Sanitize the `address` input before using it in SQL queries.