Hejiasheng

**Name of the Vulnerable Software and Affected Versions** jeanmarc77 123solar versions up to 1.8.4.5 **Description** A critical issue affects the processing of the file /admin/admin invt2.php. The manipulation of the argument `PROTOCOLx` leads to file inclusion. This issue can be exploited remotely. **Recommendations** For versions up to 1.8.4.5, as a temporary workaround, consider restricting access to the /admin/admin invt2.php file until a patch is available. Avoid manipulating the `PROTOCOLx` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: jeanmarc77 123solar version 1.8.4.5 Description: A critical issue exists in the software, affecting an unknown part of the file config/config invt1.php. The manipulation of the `PASSOx` argument leads to code injection. This issue can be exploited remotely. Recommendations: To fix this issue, apply the patch identified as f4a8c748ec436e5a79f91ccb6a6f73752b336aa5. As a temporary workaround, consider restricting access to the file config/config invt1.php and avoiding the manipulation of the `PASSOx` argument until the patch is applied.

Name of the Vulnerable Software and Affected Versions: jeanmarc77 123solar version 1.8.4.5 Description: A problematic issue has been found in the software, affecting an unknown part of the file /detailed.php. The manipulation of the `date1` argument leads to cross-site scripting. It is possible to initiate the attack remotely. Recommendations: For version 1.8.4.5, apply the patch named 94bf9ab7ad0ccb7fbdc02f172f37f0e2ea08d48f to fix this issue. As a temporary workaround, consider restricting access to the `/detailed.php` file until the patch is applied. Avoid manipulating the `date1` argument in the affected file to minimize the risk of exploitation.