Adywikradinata

**Name of the Vulnerable Software and Affected Versions** Faveo version 1.9.3 **Description** The issue allows for CSRF, potentially resulting in obtaining admin privileges. The affected endpoint is "public/rolechangeadmin". **Recommendations** For Faveo version 1.9.3, update to a version that includes a fix for this issue to prevent CSRF attacks. As a temporary workaround, consider implementing CSRF protection measures to restrict access to the "public/rolechangeadmin" endpoint.

**Name of the Vulnerable Software and Affected Versions** HelpDEZk version 1.1.1 **Description** The issue allows for obtaining admin privileges through CSRF in the "admin/home#/person/" endpoint. **Recommendations** For HelpDEZk version 1.1.1, update to a version that includes a fix for this issue, as using the `admin/home#/person/` endpoint can lead to admin privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HelpDEZk version 1.1.1 **Description** The issue allows for remote execution of arbitrary PHP code through a CSRF vulnerability. It is specifically found in the "admin/home#/logos/" endpoint. **Recommendations** For HelpDEZk version 1.1.1, as a temporary workaround, consider restricting access to the "admin/home#/logos/" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.