Jason1314Zhang

**Name of the Vulnerable Software and Affected Versions** CmsWing version 1.3.7 **Description** The issue is related to a SQL injection vulnerability. It can be exploited via the `behavior rule` parameter. **Recommendations** For CmsWing version 1.3.7, avoid using the `behavior rule` parameter until a fix is available. Consider temporarily restricting access to this parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CmsWing CMS version 1.3.7 **Description** The issue is related to a Remote Code Execution (RCE) vulnerability. It can be exploited via the `log rule` parameter. **Recommendations** For CmsWing CMS version 1.3.7, avoid using the `log rule` parameter until a fix is available. As a temporary workaround, consider restricting access to the parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Feehi CMS version 2.1.1 **Description** The issue is related to a Server-side request forgery (SSRF) vulnerability. This occurs when the user modifies the HTTP Referer header to any URL, allowing the server to make a request to it. **Recommendations** For Feehi CMS version 2.1.1, as a temporary workaround, consider restricting modifications to the HTTP Referer header to prevent unauthorized requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.