Bkpatron

**Name of the Vulnerable Software and Affected Versions** Victor CMS version 1.0 **Description** A SQL injection flaw exists in the 'post.php' endpoint via the `post` parameter. This allows remote attackers to manipulate database queries and extract information using boolean-based, error-based, and time-based injection techniques, specifically through crafted UNION SELECT payloads. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elaniin CMS version 1.0 **Description** An authentication bypass exists that allows unauthorized access to the dashboard via SQL injection on the login page. Attackers can gain access by sending crafted `email` and `password` parameters containing the '=''or' payload to the 'login.php' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BloodX version 1.0 **Description** The issue allows attackers to bypass authentication due to a SQL injection vulnerability. **Recommendations** For BloodX version 1.0, consider restricting access to sensitive data and authentication mechanisms until a patch is available. As a temporary workaround, avoid using user-input data directly in SQL queries to minimize the risk of exploitation.