Yucheng Lin

**Name of the Vulnerable Software and Affected Versions** WellChoose Single Sign-On Portal System (affected versions not specified) WellChoose Organization Portal System (affected versions not specified) **Description** An OS Command Injection issue exists in the WellChoose Portal Systems, potentially allowing authenticated remote attackers to inject and execute arbitrary OS commands on the server. The affected systems include both the Single Sign-On Portal System and the Organization Portal System. The issue allows for the execution of commands, potentially leading to system compromise. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WellChoose Single Sign-On Portal System (affected versions not specified) **Description** The WellChoose Single Sign-On Portal System contains an OS Command Injection issue. Authenticated remote attackers can inject arbitrary OS commands and execute them on the server. The issue allows for the injection of commands, potentially granting attackers unauthorized access and control over the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WellChoose Single Sign-On Portal System (affected versions not specified) **Description** The WellChoose Single Sign-On Portal System is susceptible to a Reflected Cross-site Scripting issue. This allows attackers with existing access to execute arbitrary JavaScript code within a user's browser. Exploitation occurs through crafted phishing attacks. The vulnerability requires authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** Sistema de Informação Hospitalar UNIMAX (versões afetadas não especificadas) **Descrição** O Sistema de Informação Hospitalar desenvolvido pela UNIMAX é vulnerável a uma falha de Injeção de SQL. Isso permite que atacantes remotos não autenticados injetem comandos SQL arbitrários, podendo resultar em acesso não autorizado e recuperação de conteúdos do banco de dados. **Recomendações** Até o momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.