Dar1In9S

#13799 of 53,638
19.6 CVSS total
Vulnerabilities · 2
Critical
2
PT-2023-28762
9.8
2023-09-26
Emlog Pro · Emlog Pro · CVE-2023-43291
**Name of the Vulnerable Software and Affected Versions**

emlog pro versions 2.1.15 and earlier

**Description**

The issue allows a remote attacker to execute arbitrary code via the cache.php component due to deserialization of untrusted data.

**Recommendations**

For emlog pro versions 2.1.15 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-14805
9.8
2023-02-08
Thinkphp · Thinkphp · CVE-2022-45982
**Name of the Vulnerable Software and Affected Versions**

thinkphp versions 6.0.0 through 6.0.13

thinkphp versions 6.1.0 through 6.1.1

**Description**

The issue allows attackers to execute arbitrary code via a crafted payload, exploiting a deserialization vulnerability. This can be achieved by sending a malicious payload to be deserialized, potentially leading to remote code execution.

**Recommendations**

For thinkphp versions 6.0.0 through 6.0.13, update to a version outside of this range to mitigate the risk.

For thinkphp versions 6.1.0 through 6.1.1, update to a version outside of this range to mitigate the risk.

As a temporary workaround, consider restricting the use of the `unserialize()` function until a patch is available.