Holaasuka

#15320 of 53,639
17.6 Total CVSS
Vulnerabilities · 2
High
2
PT-2023-12241
8.8
2023-05-11
Phpok · Phpok · CVE-2021-34076
**Name of the Vulnerable Software and Affected Versions** PHPOK version 5.7.140

**Description** The issue allows remote attackers to run arbitrary code and gain escalated privileges via a crafted zip file upload.

**Recommendations** For PHPOK version 5.7.140, consider disabling file upload functionality until a patch is available to prevent exploitation. Restrict access to sensitive areas of the application to minimize the risk of privilege escalation. Avoid using the file upload feature with untrusted or unknown zip files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-11214
8.8
2022-05-26
Piwigo · Piwigo · CVE-2021-40317
**Name of the Vulnerable Software and Affected Versions** Piwigo version 11.5.0

**Description** The issue is a SQL injection vulnerability. It can be exploited via the "admin.php" endpoint and the `id` parameter.

**Recommendations** For Piwigo version 11.5.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "admin.php" endpoint to minimize the risk of exploitation. Avoid using the `id` parameter in the affected endpoint until the issue is resolved.