
Guilherme Assmann

#18224 of 53,635
14.9 CVSS total
Vulnerabilities · 2
Medium: 1
High: 1
PT-2018-11078
8.8
2018-06-12
Harmis · Harmis Ek Rishta · CVE-2018-12254
**Name of the Vulnerable Software and Affected Versions**
Harmis Ek rishta (aka ek-rishta) version 2.10

**Description**
The issue allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI in the router.php file.

**Recommendations**
For version 2.10, consider restricting access to the router.php file until a patch is available. Avoid using the PATH_INFO to a home/requested_user/Sent%20interest/ URI in the affected component to minimize the risk of exploitation.
PT-2018-17107
6.1
2018-01-16
Sugarcrm · Sugarcrm · CVE-2018-5715
**Name of the Vulnerable Software and Affected Versions**
SugarCRM version 3.5.1

**Description**
The issue is related to an XSS problem. It occurs via a parameter name in the query string, specifically through the `$key` variable in the phprint.php file.

**Recommendations**
For SugarCRM version 3.5.1, consider restricting access to the phprint.php file until a patch is available, and avoid using user-supplied input for the `$key` variable to minimize the risk of exploitation.