Jspring996

**Name of the Vulnerable Software and Affected Versions** bloofox version 0.5.2 **Description** The issue is related to an arbitrary file deletion vulnerability. This vulnerability can be exploited via the `delete file()` function. **Recommendations** For bloofox version 0.5.2, consider disabling the `delete file()` function until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** bloofox version 0.5.2 **Description** The issue is related to a SQL injection vulnerability. It affects the component "/index.php?mode=content&page=pages&action=edit&eid=1". **Recommendations** For bloofox version 0.5.2, consider restricting access to the "/index.php?mode=content&page=pages&action=edit&eid=1" endpoint until a patch is available. Avoid using the `eid` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** lmxcms version 1.4.1 **Description** The issue is a SQL injection vulnerability. It can be exploited via the `setbook` parameter at the "index.php" endpoint. **Recommendations** For lmxcms version 1.4.1, consider restricting access to the `setbook` parameter in the "index.php" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.