Jiang

**Name of the Vulnerable Software and Affected Versions** Fortinet FortiWeb versions 7.0 through 8.0.2 Fortinet FortiWeb version 7.2 Fortinet FortiWeb version 7.4 Fortinet FortiWeb versions 7.6.0 through 7.6.6 Fortinet FortiWeb version 8.0 **Description** The software contains a NULL pointer dereference issue [CWE-476]. An authenticated attacker can potentially cause the HTTP daemon to crash by sending specially crafted HTTP requests. The issue affects multiple major versions of the software. **Recommendations** FortiWeb versions prior to 8.0.2 are affected.

**Name of the Vulnerable Software and Affected Versions** xunruicms versions up to 4.5.1 **Description** The issue allows attackers to execute arbitrary code via a crafted GET request to the `/index.php` endpoint. This enables the execution of arbitrary code, posing a significant risk. **Recommendations** For versions up to 4.5.1, update to a version later than 4.5.1 to resolve the issue. As a temporary workaround, consider restricting access to the `/index.php` endpoint until a patch is available.

Name of the Vulnerable Software and Affected Versions: latte/latte versions prior to 2.10.6 Description: The issue allows bypassing of `allowFunctions` restrictions, affecting the security of the application. When the template is set to allow or disallow certain functions, adding control characters (x00-x08) after the function bypasses these restrictions. Recommendations: For versions prior to 2.10.6, update to version 2.10.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of functions that can be bypassed by control characters until a patch is applied. Avoid using control characters (x00-x08) after functions in templates to minimize the risk of exploitation.