Giovanni Battista Colonna

**Name of the Vulnerable Software and Affected Versions** StackIdeas EasyDiscuss versions 5.0.5 through 5.0.9 **Description** A SQL injection issue allows a remote attacker to obtain sensitive information via a crafted request to the `search` parameter in the Users module. **Recommendations** For versions 5.0.5 through 5.0.9, update to version 5.0.10 to resolve the issue. As a temporary workaround, consider restricting access to the Users module or disabling the search functionality until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** PRIMEUR SPAZIO version 2.5.1.954 **Description** The issue allows an unauthenticated attacker to obtain sensitive data related to the content of transferred files via a crafted HTTP request. **Recommendations** For version 2.5.1.954, consider restricting access to the HTTP Server in the File Transfer component until a patch is available. As a temporary workaround, avoid using the File Transfer feature to minimize the risk of exploitation.