Antón Ortigueira

Rank: #17143 of 53,633
Total CVSS: 15.6
Vulnerabilities · 2 (Medium: 1, Critical: 1)

PT-2024-11657 · CVSS 9.1 · 2024-04-08
Abrhilsoft · Abrhilsoft Employee's Portal · CVE-2022-43216

**Name of the Vulnerable Software and Affected Versions**
AbrhilSoft Employee's Portal versions prior to 5.6.2

**Description**
The issue is related to a SQL injection vulnerability found in the login page. This vulnerability can potentially be exploited to extract or modify sensitive data from the database.

**Recommendations**
For versions prior to 5.6.2, update to version 5.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the login page to minimize the risk of exploitation. Avoid using user-input data directly in SQL queries until the issue is resolved.

PT-2021-11805 · CVSS 6.5 · 2021-02-18
Unknown · Endalia Selection Portal · CVE-2020-35577

**Name of the Vulnerable Software and Affected Versions**
Endalia Selection Portal versions prior to 4.205.0

**Description**
The issue allows any authenticated user to download every file uploaded to the platform by changing the value of the `file identifier` (also known as CommonDownload identification number). This is due to an Insecure Direct Object Reference (IDOR).

**Recommendations**
For versions prior to 4.205.0, update to version 4.205.0 or later to resolve the issue. As a temporary workaround, consider restricting access to file downloads to minimize the risk of exploitation.