B1Uel0N3

**Name of the Vulnerable Software and Affected Versions** MuYuCMS version 2.7 **Description** A flaw exists in MuYuCMS 2.7 that allows for path traversal. The issue is located in the `delete dir file` function within the `application/admin/controller/Template.php` file, part of the Template Management Page component. The `temn/tp` argument is susceptible to manipulation, enabling remote attackers to exploit this weakness. The exploit has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Simple Stock System version 1.0 **Description** A weakness exists in code-projects Simple Stock System 1.0. This issue affects an unknown function within the `/checkuser.php` file. Manipulation of the `Username` argument can lead to SQL injection. The attack can be launched remotely. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GreenCMS version 2.3.0603 **Description** A flaw exists in GreenCMS that allows for cross site scripting. This issue is related to an unknown functionality within the `/Admin/Controller/CustomController.class.php` file, specifically in the Menu Management Page component. Manipulation of the `Link` argument can trigger the issue, and the attack can be initiated remotely. The exploit for this issue has been published. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.