Echox1O

#17793 of 53,633
15.1 Total CVSS
Vulnerabilities · 2 (Medium: 1, Critical: 1)
PT-2021-10393
9.8
2021-08-26
Unknown · Thinkphp-Zcms · CVE-2020-19705
**Name of the Vulnerable Software and Affected Versions** thinkphp-zcms as of 20190715

**Description** The issue allows SQL injection via the "index.php?m=home&c=message&a=add" API endpoint. This could potentially lead to unauthorized access to sensitive data.

**Recommendations** For thinkphp-zcms as of 20190715, avoid using the "index.php?m=home&c=message&a=add" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2018-13996
5.3
2018-09-23
Publiccms · Publiccms · CVE-2018-17368
**Name of the Vulnerable Software and Affected Versions** PublicCMS version 4.0.180825

**Description** An issue in PublicCMS makes it easier to conduct brute-force attacks due to different response lengths for invalid login attempts, depending on whether the username is valid.

**Recommendations** For PublicCMS version 4.0.180825, at the moment, there is no information about a newer version that contains a fix for this vulnerability.