Cuhanboy

**Name of the Vulnerable Software and Affected Versions** cskaza cszcms version 1.2.9 **Description** The issue allows attackers to gain sensitive information via the `pm sendmail` parameter in `csz model.php`. This is a SQL Injection vulnerability, which can be exploited to obtain sensitive data. **Recommendations** For cskaza cszcms version 1.2.9, consider disabling the `pm sendmail` parameter in `csz model.php` as a temporary workaround until a patch is available. Restrict access to the `csz model.php` file to minimize the risk of exploitation. Avoid using the `pm sendmail` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** victor cms version 1.0 **Description** The issue allows attackers to execute arbitrary commands via the `post` parameter to "/post.php" in a crafted GET request. This enables attackers to potentially access and manipulate sensitive data. **Recommendations** For victor cms version 1.0, as a temporary workaround, consider restricting access to the "/post.php" endpoint until a patch is available. Avoid using the `post` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.