
Carlcjo

#19328 of 53,632
13.7 CVSS total
Vulnerabilities · 2
Medium: 1
High: 1
PT-2023-11651
8.8
2023-08-11
Yzmcms · Yzmcms · CVE-2020-23595
**Name of the Vulnerable Software and Affected Versions**
yzmcms version 5.6

**Description**
The issue allows remote attackers to escalate privileges and gain sensitive information. This is achieved through a Cross Site Request Forgery (CSRF) vulnerability, specifically at the "sitemodel/add.html" endpoint.

**Recommendations**
For yzmcms version 5.6, consider implementing proper CSRF token validation to prevent unauthorized requests to the "sitemodel/add.html" endpoint. As a temporary workaround, restrict access to this endpoint until a patch is available.

PT-2019-14764
4.9
2019-09-21
Gila · Gila Cms · CVE-2019-16679
**Name of the Vulnerable Software and Affected Versions**
Gila CMS versions prior to 1.11.1

**Description**
The issue allows directory traversal, leading to Local File Inclusion via the admin/fm/?f=../ endpoint.

**Recommendations**
For versions prior to 1.11.1, update to version 1.11.1 or later to resolve the issue.