Enigma522

**Name of the Vulnerable Software and Affected Versions** givanz Vvvebjs versions up to 2.0.4 **Description** A critical vulnerability exists in givanz Vvvebjs up to version 2.0.4. The issue is related to path traversal, stemming from the manipulation of the `File` argument within an unknown function of the `/save.php` file of the node.js component. The attack can be launched remotely, but requires a high level of complexity and is considered difficult to exploit. The exploit has been publicly disclosed. **Recommendations** givanz Vvvebjs versions prior to 2.0.5: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Church Donation System version 1.0 **Description** A critical vulnerability exists in code-projects Church Donation System 1.0. The issue is a SQL injection affecting an unknown function within the `/admin/index.php` file of the HTTP POST Request Handler component. The manipulation of the `Username` argument allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Church Donation System version 1.0 **Description** A vulnerability exists in Church Donation System version 1.0 related to cross site scripting. The issue is located in the `/admin/edit members.php` file. Manipulation of the `fname` argument can lead to exploitation. The exploit has been publicly disclosed. Other parameters may also be affected. **Recommendations** Address the cross site scripting issue in the `/admin/edit members.php` file. Sanitize the `fname` parameter to prevent script injection. Review and sanitize all other parameters used in the affected file.