WordPress · Library Management System – Manage E-Digital Books Library · CVE-2024-8679
Name of the Vulnerable Software and Affected Versions:
The Library Management System – Manage e-Digital Books Library plugin for WordPress versions up to, and including, 3.0.0
Description:
The plugin is vulnerable to SQL Injection via the `value` parameter of the `owt lib handler` AJAX action. The user-supplied parameter is insufficiently escaped and the existing SQL query is not properly prepared, so the parameter value can alter the query text. Authenticated attackers with Administrator-level access and above can append additional SQL queries to the existing query and extract sensitive information from the database.
Recommendations:
For versions up to, and including, 3.0.0, update to a version that includes a fix for this issue to prevent SQL Injection attacks.
As a temporary workaround, consider restricting access to the `owt lib handler` AJAX action to minimize the risk of exploitation.
Avoid using the `value` parameter in the affected AJAX endpoint until the issue is resolved.
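To illustrate the defect class and the fix described above, here is an added example (not the plugin's own code; the action name `example_lib_handler`, the nonce name and the table name are hypothetical placeholders): a handler that interpolates `value` into the query text, beside a hardened handler that checks capability and nonce and binds the value with `$wpdb->prepare()`.

```php
<?php
// Added illustrative example, not code from the affected plugin.
// `example_lib_handler`, `example_lib_nonce` and `example_books` are placeholders.

// Weak pattern: the user-supplied `value` becomes part of the SQL text.
// Escaping alone is not enough; the value can still change the query structure.
function example_lib_handler_weak() {
    global $wpdb;
    $value = isset( $_POST['value'] ) ? $_POST['value'] : '';
    $table = $wpdb->prefix . 'example_books';
    $sql   = "SELECT * FROM {$table} WHERE title = '" . $value . "'";
    $rows  = $wpdb->get_results( $sql, ARRAY_A ); // query text is caller-influenced
    wp_send_json_success( $rows );
}

// Hardened pattern: authorization and CSRF checks first, then a prepared
// statement so `value` is bound as data and cannot alter the query.
function example_lib_handler_safe() {
    global $wpdb;
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'example_lib_nonce', 'nonce' );

    $value = isset( $_POST['value'] )
        ? sanitize_text_field( wp_unslash( $_POST['value'] ) )
        : '';
    // The table name comes from the trusted $wpdb->prefix, not from the request.
    $table = $wpdb->prefix . 'example_books';
    // %s is a placeholder for a string value; prepare() quotes and escapes it.
    $sql   = $wpdb->prepare( "SELECT * FROM {$table} WHERE title = %s", $value );
    $rows  = $wpdb->get_results( $sql, ARRAY_A );
    wp_send_json_success( $rows );
}

// Only the hardened handler is registered. wp_ajax_{action} hooks fire for
// logged-in users; there is deliberately no wp_ajax_nopriv_ registration.
add_action( 'wp_ajax_example_lib_handler', 'example_lib_handler_safe' );
```

The same pattern applies to the temporary workaround: gating the AJAX action behind a capability check limits who can reach the affected parameter until a fixed version is installed.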