Fi Liu

**Name of the Vulnerable Software and Affected Versions** FormosaSoft ee-class (affected versions not specified) **Description** The issue concerns a failure to properly validate a specific page parameter in the ee-class from FormosaSoft, allowing remote attackers with regular privileges to inject arbitrary SQL commands. This can lead to the reading, modification, and deletion of database contents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FormosaSoft ee-class (affected versions not specified) **Description** The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.