E11Usion

**Name of the Vulnerable Software and Affected Versions** baijiacms version 4.1.4 **Description** The issue allows attackers to change the password or other information of an arbitrary account via "index.php". This is a Cross Site Request Forgery (CSRF) vulnerability, which occurs when an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For baijiacms version 4.1.4, as a temporary workaround, consider restricting access to the "index.php" endpoint until a patch is available. Avoid using this endpoint for sensitive operations, such as password changes, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nitinparashar30 cms-corephp versions through commit bdabe52ef282846823bda102728a35506d0ec8f9 **Description** The issue allows unauthenticated attackers to gain escalated privileges via a crafted login, exploiting a SQL Injection vulnerability. **Recommendations** For nitinparashar30 cms-corephp versions through commit bdabe52ef282846823bda102728a35506d0ec8f9, consider disabling the login functionality until a patch is available to prevent exploitation of the SQL Injection vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.