Corrado Liotta

**Name of the Vulnerable Software and Affected Versions** Bitmain Antminer devices (affected versions not specified) **Description** The issue allows for remote command execution via the system restore function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Img Pals Photo Host version 1.0 **Description** The issue concerns SQL injection vulnerabilities in the approve.php file. Remote attackers can execute arbitrary SQL commands via the `u` parameter in certain actions, specifically in (1) app0 or (2) app1 actions. **Recommendations** For Img Pals Photo Host version 1.0, consider restricting access to the approve.php file until a fix is available, and avoid using the `u` parameter in app0 or app1 actions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Img Pals Photo Host version 1.0 **Description** The issue concerns a lack of authentication for requests in the approve.php file, allowing remote attackers to modify administrator activation status. This can be achieved by manipulating the `u` parameter in specific actions, such as app0 to disable or app1 to enable administrator accounts. **Recommendations** For Img Pals Photo Host version 1.0, consider temporarily restricting access to the approve.php file until a proper authentication mechanism is implemented to prevent unauthorized changes to administrator accounts. As a mitigation measure, avoid using the `u` parameter in the affected actions until the issue is resolved.