Juneah

**Name of the Vulnerable Software and Affected Versions** FantasticLBP Hotels Server version 1.0 **Description** The issue allows an attacker to execute arbitrary code via the `username` parameter, which is vulnerable to SQL injection. This enables the attacker to potentially access and manipulate sensitive data. **Recommendations** For FantasticLBP Hotels Server version 1.0, consider disabling the `username` parameter in the affected API endpoint until a patch is available. Restrict access to sensitive data and functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FeMiner WMS version 1.1 **Description** An issue in FeMiner WMS allows attackers to execute arbitrary code via the `filename` parameter and the `exec` function. **Recommendations** For FeMiner WMS version 1.1, consider restricting access to the `exec` function and avoid using the `filename` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.