
Satuer

Researcher from ABT Labs
#14435 of 53,624
18.6 Total CVSS
Vulnerabilities · 2 (High: 1, Critical: 1)

PT-2019-13497 · CVSS 8.8 · 2019-07-18
Flatcore · Flatcore · CVE-2019-13961

**Name of the Vulnerable Software and Affected Versions** flatCore versions prior to 1.5

**Description** A CSRF issue was discovered, allowing the upload of arbitrary .php files via the `acp/core/files.upload-script.php` endpoint.

**Recommendations** For versions prior to 1.5, update to version 1.5 or later to resolve the issue.

PT-2019-13121 · CVSS 9.8 · 2019-06-30
Csz · Csz Cms · CVE-2019-13086

**Name of the Vulnerable Software and Affected Versions** CSZ CMS version 1.2.2

**Description** The issue allows for SQL injection by sending a crafted HTTP User-Agent header and omitting the `csrf_csz` parameter in the `core/MY_Security.php` file.

**Recommendations** For CSZ CMS version 1.2.2, as a temporary workaround, consider restricting access to the `member/login/check` endpoint until a patch is available. Avoid using the `csrf_csz` parameter omission in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.