Practice

Name of the Vulnerable Software and Affected Versions DefaultFuction Content-Management-System versão 1.0 Description Uma falha de segurança foi descoberta no DefaultFuction Content-Management-System versão 1.0, envolvendo o processamento do arquivo `/admin/tools.php`. A manipulação do argumento `host` pode levar à injeção de comandos, permitindo a execução remota de ataques. O exploit foi divulgado publicamente. Recommendations Atualize para uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** DefaultFuction Jeson-Customer-Relationship-Management-System (affected versions not specified) **Description** A security issue has been identified in the API Module component of DefaultFuction Jeson-Customer-Relationship-Management-System. Manipulation of the `url` argument in an unknown function within the `/api/System.php` file can lead to server-side request forgery (SSRF). The attack can be initiated remotely. The exploit has been publicly disclosed. Continuous delivery with rolling releases is used, therefore specific version details of affected or updated releases are unavailable. **Recommendations** Install a patch to address this issue.

**Name of the Vulnerable Software and Affected Versions** DefaultFuction Jeson Customer Relationship Management System version 1.0.0 **Description** A SQL injection issue exists in DefaultFuction Jeson Customer Relationship Management System version 1.0.0. The issue is located in the `/modules/customers/edit.php` file. Manipulation of the `ID` argument can lead to SQL injection. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** Install the patch f0e991870e9d33701cca3a1d0fd4eec135af01a6 to address this issue.