5497Lvren

**Name of the Vulnerable Software and Affected Versions** MetInfo version 7.7 **Description** A Cross-Site Request Forgery (CSRF) issue in the Administrator List allows attackers to arbitrarily add a Super Administrator account. This enables unauthorized access and control over the system. **Recommendations** For MetInfo version 7.7, as a temporary workaround, consider disabling access to the Administrator List until a patch is available. Restrict access to the Administrator List to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bosscms version 2.0.0 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) that was discovered in Bosscms. This CSRF is specifically via the `Add` function under the `Administrator List` module. **Recommendations** For Bosscms version 2.0.0, consider disabling the `Add` function under the `Administrator List` module as a temporary workaround until a patch is available. Restrict access to the `Administrator List` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dreamer CMS version 4.0.01 **Description** The issue is related to SQL Injection. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Dreamer CMS version 4.0.01, at the moment, there is no information about a newer version that contains a fix for this vulnerability.