
Mefisto

#18059 of 53,639
15 CVSS total
Vulnerabilities · 2
High
2
PT-2008-4121
7.5
2008-06-12
Joomla · Com News Portal · CVE-2008-2676
**Name of the Vulnerable Software and Affected Versions** com news portal versions 1.0 and earlier

**Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `Itemid` parameter to the "index.php" endpoint.

**Recommendations** For versions 1.0 and earlier, consider restricting access to the `Itemid` parameter in the "index.php" endpoint until a patch is available.
PT-2008-4029
7.5
2008-06-06
Flashblog · Flashblog · CVE-2008-2574
**Name of the Vulnerable Software and Affected Versions** FlashBlog version 0.31 beta

**Description** The issue concerns an unrestricted file upload vulnerability. This allows remote attackers to execute arbitrary code by uploading a .php file to the `admin/Editor/imgupload.php` endpoint, and then accessing it via a direct request to the file in `tus imagenes/`.

**Recommendations** For FlashBlog version 0.31 beta, restrict access to the `admin/Editor/imgupload.php` endpoint to prevent unauthorized file uploads, and remove any already uploaded malicious files from the `tus imagenes/` directory.