Nonecms · Nonecms · CVE-2010-0952
**Name of the Vulnerable Software and Affected Versions**
OneCMS version 2.5
**Description**
The issue is an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands when the `magic_quotes_gpc` setting is disabled. It can be exploited via the `user` parameter in an `elite` action in the `index.php` file.
**Recommendations**
For OneCMS version 2.5, consider enabling the `magic_quotes_gpc` setting to prevent SQL injection attacks. As a temporary workaround, restrict access to the `index.php` file or avoid using the `user` parameter in `elite` actions until a patch is available.
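
`magic_quotes_gpc` was deprecated in PHP 5.3.0 and removed in PHP 5.4.0, so a fix that does not depend on it is to validate the `user` value and bind it as a query parameter. The sketch below is an added example, not OneCMS code: the `users` table, its columns, the `find_user()` helper and the allowed username pattern are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical schema and handler, not OneCMS source code.
declare(strict_types=1);

// In-memory SQLite stands in for the CMS database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'elite'), ('bob', 'member')");

/**
 * Look up one profile by the request's `user` value (hypothetical helper).
 * Returns the matching row, or null when the value is rejected or unknown.
 */
function find_user(PDO $db, string $user): ?array
{
    // Allow-list the expected shape first
    // (assumed policy: 1 to 32 characters of letters, digits, "_" or "-").
    if (preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $user) !== 1) {
        return null;
    }

    // Bound parameter: the value travels as data and is never spliced into
    // the SQL text, so the outcome does not depend on magic_quotes_gpc.
    $stmt = $db->prepare('SELECT username, role FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row;
}

// Constructed sample inputs: a valid name, two values containing quotes,
// an unknown name and an empty string.
$samples = ['alice', "alice' OR '1'='1", "o'brien", 'carol', ''];

foreach ($samples as $sample) {
    $row = find_user($db, $sample);
    $result = $row === null
        ? 'rejected or not found'
        : $row['username'] . ' (' . $row['role'] . ')';
    printf("%-22s => %s\n", var_export($sample, true), $result);
}
```

Only the first sample returns a row; the quoted values are rejected by the allow-list, and the bound parameter would still treat them as a literal username if the pattern were loosened.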