Hzllaga

**Name of the Vulnerable Software and Affected Versions** ThinkAdmin version 6 **Description** The issue allows an unauthorized attacker to read arbitrary files on a remote server via a GET request by manipulating the encode parameter. **Recommendations** For ThinkAdmin version 6, update to a version that includes a fix for this issue, as no specific workaround is provided for this version.

**Name of the Vulnerable Software and Affected Versions** Msvod Cms version 10 **Description** The issue exists due to SQL Injection via an `images/lists?cid=` URI. **Recommendations** For Msvod Cms version 10, avoid using the `cid` parameter in the `images/lists` endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** HongCMS version 3.0.0 **Description** A SQL Injection issue was discovered in the admin/controllers/database.php file. The issue can be exploited via the "admin/index.php/database/operate?dbaction=emptytable&tablename=" URI, allowing for potential SQL injection attacks. **Recommendations** For HongCMS version 3.0.0, consider restricting access to the "admin/index.php/database/operate" endpoint until a patch is available. As a temporary workaround, avoid using the `tablename` parameter in the affected URI to minimize the risk of exploitation.