
Ali Abdollahi

#13725 of 53,633
19.6 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2018-14441
9.8
2018-12-20
Jco.Ir · Karma · CVE-2018-18399
**Name of the Vulnerable Software and Affected Versions**
jco.ir KARMA version 6.0.0

**Description**
A SQL injection issue exists in the `ContentPlaceHolder1 uxTitle` component in ArchiveNews.aspx, allowing a remote attacker to execute arbitrary SQL commands via the `id` parameter.

**Recommendations**
For jco.ir KARMA version 6.0.0, consider restricting access to the `id` parameter in the ArchiveNews.aspx page until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected page to minimize the risk of exploitation.
PT-2018-18082
9.8
2018-02-26
Asanhamayesh · Asanhamayesh Cms · CVE-2018-7463
**Name of the Vulnerable Software and Affected Versions**
ASANHAMAYESH CMS version 3.4.6

**Description**
A SQL injection issue exists in the files.php file of the "files" component, allowing a remote attacker to execute arbitrary SQL commands. The `id` parameter is vulnerable to this issue.

**Recommendations**
For ASANHAMAYESH CMS version 3.4.6, consider restricting access to the files.php file in the "files" component to minimize the risk of exploitation. Avoid using the `id` parameter in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.