Gu Ziqiang

**Name of the Vulnerable Software and Affected Versions** Moxa SoftCMS versions prior to 1.6 **Description** The issue allows a remote attacker to gain access with administrator privileges through specially crafted input, leveraging a SQL injection technique. This occurs because the SoftCMS Application does not properly sanitize input. **Recommendations** For versions prior to 1.6, update to version 1.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Moxa SoftCMS versions prior to 1.6 **Description** A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server, allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code. **Recommendations** For versions prior to 1.6, update to version 1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the ASP Webserver to minimize the risk of exploitation. Avoid using specially crafted URL requests in the affected ASP Webserver until the issue is resolved.