Slackero

#16905 of 53,624
15.9 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1

PT-2023-12405
9.8
2023-01-07
Phpcms · Phpcms · CVE-2021-4301
**Name of the Vulnerable Software and Affected Versions**

slackero phpwcms versions 1.9.26 and earlier

**Description**

A critical issue was found in the software, affecting some unknown functionality. The manipulation of the argument `$phpwcms['db prepend']` leads to SQL injection. The attack can be launched remotely.

**Recommendations**

For versions 1.9.26 and earlier, upgrade to version 1.9.27 to address this issue. As a temporary workaround, consider restricting the use of the `$phpwcms['db prepend']` argument until the upgrade is applied.

PT-2023-12406
6.1
2023-01-04
Slackero · Phpcms · CVE-2021-4302
**Name of the Vulnerable Software and Affected Versions**

slackero phpwcms versions up to 1.9.26

**Description**

A vulnerability was found in the SVG File Handler component of slackero phpwcms that can be exploited for cross-site scripting. The attack can be initiated remotely.

**Recommendations**

For versions up to 1.9.26, upgrade to version 1.9.27 to address this issue.