Tale

Nome do Software Vulnerável e Versões Afetadas: PowerCreator CMS versão 1.0 Descrição: Foi identificada uma vulnerabilidade crítica no PowerCreator CMS, afetando uma função desconhecida do arquivo /OpenPublicCourse.aspx. A manipulação do argumento `cid` resulta em injeção de SQL. É possível realizar o ataque remotamente. Recomendações: Para o PowerCreator CMS versão 1.0, como medida temporária, considere restringir o acesso ao arquivo /OpenPublicCourse.aspx até que um patch esteja disponível. Evite usar o argumento `cid` no arquivo afetado para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para este problema.

**Name of the Vulnerable Software and Affected Versions** UCMS version 1.6.0 **Description** A problematic issue was found in the file saddpost.php of the component Column Configuration. The manipulation of the `strorder` argument leads to cross-site scripting. It is possible to initiate the attack remotely. **Recommendations** For UCMS version 1.6.0, consider disabling the `strorder` argument in the affected file saddpost.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hsycms version 3.1 **Description** A problematic issue has been found in the file controllercate.php of the component Add Category Module. The manipulation of the `title` argument leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Hsycms version 3.1, as a temporary workaround, consider restricting the use of the `title` argument in the affected module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** UCMS version 1.6 **Description** A critical issue affects the System File Management Module, specifically the file sadmin/fileedit.php, allowing for unrestricted upload due to the manipulation of the `file` argument. This can be initiated remotely. **Recommendations** For UCMS version 1.6, consider restricting access to the sadmin/fileedit.php file and the System File Management Module to minimize the risk of exploitation. Avoid using the `file` argument in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.