Jotaespig

**Name of the Vulnerable Software and Affected Versions** TreasureHuntGame TreasureHunt up to 963e0e0 **Description** A critical issue was found in TreasureHuntGame TreasureHunt, affecting an unknown function of the file TreasureHunt/acesso.php. The manipulation of the `usuario` argument leads to SQL injection. It is possible to launch the attack remotely. This product uses a rolling release for continuous delivery, and therefore, no version details for affected or updated releases are available. **Recommendations** To fix this issue, it is recommended to apply a patch. Specifically, the patch named 8bcc649abc35b7734951be084bb522a532faac4e should be applied. As a temporary workaround, consider restricting access to the vulnerable function in the TreasureHunt/acesso.php file until the patch is applied. Additionally, avoid using the `usuario` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TreasureHuntGame TreasureHunt up to 963e0e0 **Description** A critical vulnerability has been found in TreasureHuntGame TreasureHunt. The issue affects the `console log` function of the file TreasureHunt/checkflag.php. The manipulation of the `problema` argument leads to SQL injection. This attack can be launched remotely. **Recommendations** To fix this issue, it is recommended to apply a patch. Specifically, for versions up to 963e0e0, applying the patch with the identifier 8bcc649abc35b7734951be084bb522a532faac4e is advised. As a temporary workaround, consider restricting access to the `console log` function in the TreasureHunt/checkflag.php file until the patch is applied. Additionally, avoid using the `problema` argument in the affected function until the issue is resolved.