Hiu240900

**Name of the Vulnerable Software and Affected Versions** openITCOCKPIT versions 4.6.4 through 4.6.4 **Description** The issue allows SQL Injection via the `sort` parameter of the API interface, which can be exploited by authenticated users. **Recommendations** For openITCOCKPIT version 4.6.4, update to version 4.6.5 to resolve the issue. As a temporary workaround, consider restricting access to the API interface or avoiding the use of the `sort` parameter until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Piwigo version 13.7.0 **Description** The issue concerns SQL Injection via the `Users` function. **Recommendations** For Piwigo version 13.7.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.