Kaimi

**Name of the Vulnerable Software and Affected Versions** CMS Web-Gooroo versions prior to 2013-01-19 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `wbg login` parameter in the `/wbg/core/ includes/authorization.inc.php` file. This enables attackers to inject malicious SQL code, potentially leading to unauthorized data access or modification. **Recommendations** For CMS Web-Gooroo versions prior to 2013-01-19, consider restricting access to the `/wbg/core/ includes/authorization.inc.php` file to minimize the risk of exploitation. As a temporary workaround, avoid using the `wbg login` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gitlab versions 8.2.0 through 8.2.4 Gitlab versions 8.3.0 through 8.3.8 Gitlab versions 8.4.0 through 8.4.9 Gitlab versions 8.5.0 through 8.5.11 Gitlab versions 8.6.0 through 8.6.7 Gitlab version 8.7.0 **Description** The impersonate feature in Gitlab allows remote authenticated users to log in as any other user via unspecified vectors. **Recommendations** For Gitlab versions 8.2.0 through 8.2.4, consider disabling the impersonate feature until a patch is available. For Gitlab versions 8.3.0 through 8.3.8, consider disabling the impersonate feature until a patch is available. For Gitlab versions 8.4.0 through 8.4.9, consider disabling the impersonate feature until a patch is available. For Gitlab versions 8.5.0 through 8.5.11, consider disabling the impersonate feature until a patch is available. For Gitlab versions 8.6.0 through 8.6.7, consider disabling the impersonate feature until a patch is available. For Gitlab version 8.7.0, consider disabling the impersonate feature until a patch is available.