Falling-Snow

**Name of the Vulnerable Software and Affected Versions** Campcodes Supplier Management System version 1.0 **Description** A SQL injection issue exists in Campcodes Supplier Management System version 1.0. The issue is located in an unknown functionality of the file `/admin/add unit.php`. Manipulation of the `txtunitDetails` argument can lead to SQL injection. The attack can be launched remotely, and the exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZCMS version 3.6.0 **Description** A problematic issue exists in ZCMS 3.6.0 within the Create Article Page component. Manipulation of the `Title` argument can lead to cross-site scripting. The attack can be initiated remotely, and the exploit has been publicly disclosed. **Recommendations** As a mitigation, sanitize the `Title` argument to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions:** Campcodes Payroll Management System version 1.0 **Description:** A critical vulnerability exists in Campcodes Payroll Management System. The vulnerability is due to a SQL injection flaw within unknown code of the file `/ajax.php?action=save position`. Manipulation of the `ID` argument can lead to successful exploitation. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations:** Campcodes Payroll Management System version 1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Campcodes Payroll Management System version 1.0 Description: A critical issue exists in the software due to a SQL injection vulnerability. The manipulation of the `ID` argument in the processing of the `/ajax.php?action=delete position` file allows for remote exploitation. The exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions up to 1.6.7 **Description** A critical vulnerability has been found in the Website Logo Handler component of EyouCMS, allowing for unrestricted upload. The manipulation can be launched remotely. The vendor was contacted about this disclosure but did not respond. The exploit has been disclosed to the public. **Recommendations** For versions up to 1.6.7, update to a version that is not affected by this issue, as the exact fixed version is not specified. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7.116 **Description** A vulnerability has been found in DedeCMS, affecting the file /dede/uploads/dede/friendlink add.php. The manipulation of the `logoimg` argument leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue poses a potential risk of remote code execution. **Recommendations** For DedeCMS version 5.7.116, patch immediately to prevent potential exploitation and monitor for exploit attempts. As a temporary workaround, consider restricting access to the `friendlink add.php` file or disabling the `logoimg` argument until a patch is available.

**Name of the Vulnerable Software and Affected Versions** code-projects Job Recruitment version 1.0 **Description** A critical issue has been found in code-projects Job Recruitment, affecting the processing of the file /activation.php. The manipulation of the `e hash` argument leads to sql injection. The attack may be initiated remotely. **Recommendations** For code-projects Job Recruitment version 1.0, update to the latest release to mitigate risks. As a temporary workaround, consider restricting access to the /activation.php file until a patch is available. Avoid using the `e hash` argument in the affected file until the issue is resolved.