Yoshik0Xf6

**Nome do Software Vulnerável e Versões Afetadas** Plataforma ITC Systems Multiplan/Matrix OneCard versão 3.7.4.1002 **Descrição** O problema está relacionado a uma vulnerabilidade de injeção de SQL. Afeta o componente Forgotpassword.aspx. **Recomendações** Para a versão 3.7.4.1002, considere restringir o acesso ao componente Forgotpassword.aspx até que um patch esteja disponível. Evite utilizar o componente Forgotpassword.aspx para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** Tikit (now Advanced) eMarketing platform version 6.8.3.0 **Description** A Directory Traversal (Local File Inclusion) issue allows a remote attacker to read arbitrary files and obtain sensitive information. This is achieved by sending a crafted payload to the `OpenLogFile` endpoint, specifically targeting the `filename` parameter. **Recommendations** For version 6.8.3.0, as a temporary workaround, consider restricting access to the `OpenLogFile` endpoint until a patch is available. Avoid using the `filename` parameter in the affected endpoint until the issue is resolved.