Jakets

**Name of the Vulnerable Software and Affected Versions** ESPCMS version P8.21120101 **Description** An issue was discovered in ESPCMS after logging in to the background, where there is a SQL injection vulnerability in the function node where members are added. **Recommendations** For ESPCMS version P8.21120101, as a temporary workaround, consider restricting access to the member addition function node until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** earclink ESPCMS version P8.21120101 **Description** A problematic issue was found in the Content Handler component, leading to cross site scripting. The manipulation can be launched remotely. **Recommendations** For earclink ESPCMS version P8.21120101, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jizhicms version 2.3.3 **Description** A SQL injection issue was found in the /Member/memberedit.html component. This allows for potential exploitation via SQL injection attacks. **Recommendations** For Jizhicms version 2.3.3, consider restricting access to the /Member/memberedit.html component until a patch is available. As a temporary workaround, avoid using user-inputted data in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.