Jonathan_Tang

**Name of the Vulnerable Software and Affected Versions** EasyCMS versions up to 1.6 **Description** A flaw exists in EasyCMS that allows for remote code execution. The issue stems from the manipulation of the ` order` argument within the `/UserAction.class.php` file, leading to a SQL injection. The exploit is publicly available. **Recommendations** Versions prior to 1.7 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Crime Reporting System version 1.0 Description: A critical vulnerability exists due to a SQL injection in an unknown functionality of the `/policelogin.php` file. Manipulation of the `email` argument can lead to exploitation, potentially allowing remote attacks. The exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: code-projects Inventory Management System version 1.0 Description: A critical issue has been discovered, allowing for SQL injection through the manipulation of the `Username` argument in an unknown function of the file /php action/createUser.php. This can be exploited remotely. Recommendations: For code-projects Inventory Management System version 1.0, consider restricting access to the /php action/createUser.php file until a fix is available, and avoid using the `Username` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.