Flyspray · Flyspray · CVE-2012-1058
**Name of the Vulnerable Software and Affected Versions**
Flyspray version 0.9.9.6
**Description**
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an "admin.newuser" action to "index.php".
**Recommendations**
For Flyspray version 0.9.9.6, consider implementing CSRF protection mechanisms, such as tokens, to prevent unauthorized requests. As a temporary workaround, restrict access to the "admin.newuser" action in "index.php" to minimize the risk of exploitation.
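
The token check recommended above could look like the following sketch. It is an added example, not Flyspray's own code or its actual fix. It assumes PHP 7.1 or later; the field name `csrf_token`, the session key `csrf_secret` and the function names are hypothetical, and only the action name "admin.newuser" comes from this advisory.

```php
<?php
// Added example, not Flyspray code. The field name "csrf_token" and the
// session key "csrf_secret" are hypothetical; only the action name
// "admin.newuser" comes from the advisory.
const PROTECTED_ACTIONS = ['admin.newuser'];

// Create, once per session, the secret that tokens are derived from.
function csrf_secret(array &$session): string
{
    if (empty($session['csrf_secret'])) {
        $session['csrf_secret'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_secret'];
}

// Token bound to both the session and the action; embed it in the form.
function csrf_token(array &$session, string $action): string
{
    return hash_hmac('sha256', $action, csrf_secret($session));
}

// Decide whether a request for $action may proceed. The caller resolves
// $action from wherever the application reads it, so the check cannot be
// skipped by supplying the action through a different request source.
function request_allowed(array &$session, string $method, string $action, array $post): bool
{
    if (!in_array($action, PROTECTED_ACTIONS, true)) {
        return true;                    // not a guarded action
    }
    if ($method !== 'POST') {
        return false;                   // state changes are never accepted over GET
    }
    $sent = $post['csrf_token'] ?? '';
    return is_string($sent) && hash_equals(csrf_token($session, $action), $sent);
}

// Constructed requests against one admin session ($session stands in for $_SESSION).
$session = [];
$token   = csrf_token($session, 'admin.newuser');
$cases   = [
    'form with token'    => ['POST', ['csrf_token' => $token]],
    'form without token' => ['POST', []],
    'token sent via GET' => ['GET',  ['csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $fields]) {
    $ok = request_allowed($session, $method, 'admin.newuser', $fields);
    printf("%-20s %s\n", $label, $ok ? 'allowed' : 'rejected');
}
```

The token is emitted as a hidden field in the form that submits the guarded action, so a request that did not originate from that form arrives without a valid value and is rejected.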