Alperen Ergel

**Name of the Vulnerable Software and Affected Versions** b2evolution version 7.2.2 **Description** The software contains a cross-site request forgery condition. This allows attackers to modify administrator account details without authentication. Attackers can create a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpage. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** T-Soft E-Commerce 4 (affected versions not specified) **Description** The T-Soft E-Commerce 4 web application is susceptible to SQL injection attacks when authenticated as an admin or privileged user. This issue allows attackers to access and manipulate the database through crafted requests, bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.