Callum Murphy

**Name of the Vulnerable Software and Affected Versions** Chop Slider 3 (affected versions not specified) **Description** A blind SQL injection issue is present, allowing an attacker to execute arbitrary SQL queries in the context of the WP database user. The issue is introduced through the `id` GET parameter supplied to "get script/index.php". **Recommendations** As a temporary workaround, consider restricting access to the "get script/index.php" endpoint until a patch is available. Avoid using the `id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tribal SITS:Vision version 9.7.0 **Description** An authentication bypass issue is present in the standalone SITS:Vision component of Tribal SITS in its default configuration. This is related to unencrypted communications sent by the client each time it is launched, which occurs because the Uniface TLS Driver is not enabled by default. This allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does. **Recommendations** As a temporary workaround, consider enabling the Uniface TLS Driver to encrypt communications and minimize the risk of exploitation. Restrict access to the SITS backend to minimize the risk of arbitrary SQL queries being executed. Avoid using the client executable over unsecured networks until the issue is resolved.