Romain Penloup

**Name of the Vulnerable Software and Affected Versions** Geomatika IsiGeo Web version 6.0 **Description** The issue allows remote authenticated users to obtain sensitive database content via SQL Injection. **Recommendations** For Geomatika IsiGeo Web version 6.0, consider restricting access to sensitive database content until a patch is available. As a temporary workaround, avoid using user-input data in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Geomatika IsiGeo Web version 6.0 **Description** An issue was discovered that allows remote authenticated users to execute commands. **Recommendations** For Geomatika IsiGeo Web version 6.0, consider restricting access to sensitive areas of the application to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Geomatika IsiGeo Web version 6.0 **Description** The issue allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion. **Recommendations** For Geomatika IsiGeo Web version 6.0, consider restricting access to sensitive PHP files until a patch is available. As a temporary workaround, limit the functionality that allows remote authenticated users to retrieve files from the server. At the moment, there is no information about a newer version that contains a fix for this issue.