Bousalman

**Name of the Vulnerable Software and Affected Versions** Spotweb version 1.4.9 **Description** Time-based SQL injection exists in the software via the query string. **Recommendations** For version 1.4.9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** bludit version 3.0.0 **Description** The issue allows for Unrestricted Upload of File with Dangerous Type, which can lead to Remote Command Execution. This can be exploited by a malicious user uploading a crafted payload containing PHP code. **Recommendations** For bludit version 3.0.0, update to a version that contains a fix for this issue to prevent Remote Command Execution. As a temporary workaround, consider restricting access to the Content Upload feature in the Pages Editor to minimize the risk of exploitation.