Sourcecodester · Pizzafy Ecommerce System · CVE-2026-10704
**Name of the Vulnerable Software and Affected Versions**
SourceCodester Pizzafy E-Commerce System version 1.0
**Description**
An SQL injection issue exists in the Administrative Control Panel component. The `Login()` function within the `/admin/admin class novo.php` file is susceptible to remote attacks through the manipulation of the `Username` argument. SQL injection is a technique where an attacker inserts malicious SQL code into a query, allowing them to interfere with the application's database.
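The flaw class described above, shown as an added example that is not taken from Pizzafy or from this advisory: a login lookup that concatenates the username into the query, beside the parameterized form. The `users` table, its columns, the function names and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);
// Added illustration, not Pizzafy code. Table, columns and function names are
// hypothetical; in-memory SQLite stands in for the application's database.

// Unsafe pattern: the username becomes part of the SQL text, so a quote
// character in it changes how the database parses the statement.
function login_unsafe(PDO $db, string $username, string $password): ?int
{
    $sql = "SELECT id, password_hash FROM users WHERE username = '$username'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($password, $row['password_hash'])) ? (int) $row['id'] : null;
}

// Hardened form: the statement text is fixed and the username is bound as a
// parameter, so it is only ever compared as data.
function login_safe(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($password, $row['password_hash'])) ? (int) $row['id'] : null;
}

// Constructed sample data: one account whose name contains a quote character.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Bound parameter: the quote is part of the value, login works as intended.
var_dump(login_safe($db, "o'brien", 'correct horse'));
var_dump(login_safe($db, "o'brien", 'wrong password'));

// Concatenation: the same legitimate username ends the string literal early,
// and the remainder of the name is parsed as SQL.
try {
    login_unsafe($db, "o'brien", 'correct horse');
} catch (PDOException $e) {
    echo "unsafe query failed to parse: ", $e->getMessage(), "\n";
}
```

When reviewing the affected `Login()` function, the thing to look for is any place where the `Username` value reaches the query text rather than a bound parameter.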
**Recommendations**
Update SourceCodester Pizzafy E-Commerce System version 1.0 to a patched version.
As a temporary workaround, restrict access to the `/admin/admin class novo.php` file or the `Login()` function until a fix is applied.