Cokutau-Ch

**Name of the Vulnerable Software and Affected Versions** Church Management System version 1.0 **Description** The issue concerns an arbitrary file upload vulnerability in the /admin/admin pic.php component. This allows attackers to execute arbitrary code via a crafted PHP file. The "arbitrary file upload" term refers to the ability of an attacker to upload files of any type, potentially leading to the execution of malicious code. **Recommendations** For Church Management System version 1.0, consider disabling the /admin/admin pic.php component until a patch is available to prevent arbitrary file uploads. Restrict access to this component to minimize the risk of exploitation. Avoid using this component for file uploads until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Online Pet Shop We App version 1.0 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `id` parameter at the "/admin/?page=orders/view order" API endpoint. **Recommendations** For Online Pet Shop We App version 1.0, avoid using the `id` parameter in the "/admin/?page=orders/view order" API endpoint until the issue is resolved. Consider temporarily restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.