Chiaki2333

**Name of the Vulnerable Software and Affected Versions** smpn1smg absis versions 2017-10-19 and earlier **Description** The issue allows a remote attacker to execute arbitrary code via the `user` parameter in the "lock/lock.php" file. This is a result of a Cross Site Scripting vulnerability. **Recommendations** For versions 2017-10-19 and earlier, consider restricting access to the lock/lock.php file to minimize the risk of exploitation. Avoid using the `user` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** smpn1smg absis versions 2017-10-19 and earlier **Description** The issue allows a remote attacker to execute arbitrary code via the `nama` parameter in the "lock/lock.php" file. This is a Cross Site Scripting vulnerability. **Recommendations** For versions 2017-10-19 and earlier, avoid using the `nama` parameter in the affected file until the issue is resolved. As a temporary workaround, consider restricting access to the lock/lock.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** 32ns KLive versions 2019-1-19 and earlier **Description** The issue allows a remote attacker to obtain sensitive information via a crafted script to the "web/user.php" component. This is achieved through a SQL Injection attack, which enables the attacker to manipulate database queries. **Recommendations** For versions 2019-1-19 and earlier, consider restricting access to the "web/user.php" component until a fix is available. As a temporary workaround, avoid using user-input data in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tianchoy Blog version 1.8.8 **Description** A SQL Injection issue allows a remote attacker to obtain sensitive information via the `id` parameter in the "login.php" API endpoint. **Recommendations** For Tianchoy Blog version 1.8.8, avoid using the `id` parameter in the "login.php" endpoint until the issue is resolved. Consider temporarily restricting access to the login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.