C0D1007

Name of the Vulnerable Software and Affected Versions: phpwcms version 1.9.13 Description: The issue allows for Code Injection via the "/phpwcms/setup/setup.php" API endpoint. Recommendations: For phpwcms version 1.9.13, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Halo versions prior to 1.2.0-beta.1 **Description** The issue allows Server Side Template Injection (SSTI) due to the absence of TemplateClassResolver.SAFER RESOLVER in the FreeMarker configuration. **Recommendations** For versions prior to 1.2.0-beta.1, update to version 1.2.0-beta.1 or later to resolve the issue.