Blackjliuyun

Name of the Vulnerable Software and Affected Versions: FlameCMS version 3.3.5 Description: The issue is a SQL injection vulnerability. It is located in the /master/article.php endpoint via the `Id` parameter. Recommendations: For FlameCMS version 3.3.5, avoid using the `Id` parameter in the /master/article.php endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the /master/article.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: FlameCMS version 3.3.5 Description: The issue is a time-based blind SQL injection vulnerability. It is located in the /account/register.php endpoint. Recommendations: For FlameCMS version 3.3.5, consider disabling the /account/register.php endpoint until a patch is available to prevent potential exploitation. Restrict access to this endpoint to minimize the risk of SQL injection attacks.

Name of the Vulnerable Software and Affected Versions: JeeCMS version 1.0.1 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the `commentText` parameter, enabling stored cross-site scripting (XSS) attacks. This could potentially lead to the execution of malicious scripts on the affected system. Recommendations: For JeeCMS version 1.0.1, consider restricting or sanitizing input for the `commentText` parameter to prevent the execution of arbitrary scripts until a patch is available. As a temporary workaround, avoid using the `commentText` parameter in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** waimai Super Cms version 20150505 **Description** The issue allows for a change in configuration via the admin.php?m=Config&a=add endpoint. This is achieved through a CSRF vulnerability, which can be exploited to modify settings without the user's knowledge or consent. **Recommendations** For waimai Super Cms version 20150505, as a temporary workaround, consider restricting access to the `admin.php?m=Config&a=add` endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** waimai Super Cms version 20150505 **Description** The issue concerns a stored XSS vulnerability. It can be triggered via the `/admin.php/Foodcat/editsave` API endpoint, specifically through the `fcname` parameter. **Recommendations** For waimai Super Cms version 20150505, as a temporary workaround, consider restricting access to the `/admin.php/Foodcat/editsave` API endpoint until a patch is available. Avoid using the `fcname` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.