
Jackkong1

#19400 of 53,635
13.6 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2018-14639 · CVSS 7.5 · 2018-10-29
Lulu · Lulu Cms · CVE-2018-18771

**Name of the Vulnerable Software and Affected Versions**
LuLu CMS versions prior to 2015-05-14

**Description**
An issue was discovered that allows arbitrary file upload. This is achieved by entering a filename, directory name, and PHP code into the three text input fields in the backendmodulesfilemanagercontrollersDefaultController.php file.

**Recommendations**
For versions prior to 2015-05-14, restrict access to the backendmodulesfilemanagercontrollersDefaultController.php file to minimize the risk of exploitation. As a temporary workaround, consider disabling the file upload functionality in the DefaultController.php file until a fix is applied.

PT-2018-14505 · CVSS 6.1 · 2018-10-21
Fiyo · Fiyo Cms · CVE-2018-18545

**Name of the Vulnerable Software and Affected Versions**
Fiyo CMS version 2.0.7

**Description**
The issue is related to a security problem where an attacker can inject malicious code. The `name` parameter in the "dapurappsapp useredit user.php" endpoint is vulnerable.

**Recommendations**
For Fiyo CMS version 2.0.7, avoid using the `name` parameter in the "dapurappsapp useredit user.php" endpoint until the issue is resolved.