Deadlydata

**Name of the Vulnerable Software and Affected Versions** Boelter Blue System Management version 1.3 **Description** The issue allows a remote attacker to execute arbitrary code and obtain sensitive information. This is achieved via the `id` parameter to "news details.php" and "location details.php", and the `section` parameter to "services.php". **Recommendations** For Boelter Blue System Management version 1.3, avoid using the `id` parameter in the "news details.php" and "location details.php" API endpoints, and the `section` parameter in the "services.php" endpoint until the issue is resolved. Consider restricting access to these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Gryphon gllcTS2 version 4.2.4 **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved via the `detail` parameter in the login.php file. **Recommendations** For Gryphon gllcTS2 version 4.2.4, consider restricting access to the login.php file until a patch is available, and avoid using the `detail` parameter in this context to minimize the risk of exploitation.