3V1Lc0D3

**Name of the Vulnerable Software and Affected Versions** Codeigniter version 3.1.13 **Description** A Cross-Site Request Forgery (CSRF) issue allows attackers to arbitrarily change the Administrator password and escalate privileges. **Recommendations** For Codeigniter version 3.1.13, update to a newer version to mitigate the risk, as the current version allows attackers to change the Administrator password without permission. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webkul Qloapps version 1.6.0.0 **Description** The issue allows attackers to execute arbitrary code via uploading a crafted file, due to an arbitrary file upload vulnerability. **Recommendations** For Webkul Qloapps version 1.6.0.0, update to a version that fixes this issue to prevent arbitrary code execution.