Kk98Kk0

Name of the Vulnerable Software and Affected Versions: AiteCMS version 1.0 Description: The issue allows remote attackers to execute arbitrary code via the component "aitecms/login/diy list.php". This is a SQL Injection issue, which can be exploited by attackers to execute arbitrary code. Recommendations: For AiteCMS version 1.0, consider disabling the "diy list.php" component in the "aitecms/login" directory until a patch is available. Restrict access to this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHPSHE version 1.7 **Description** The issue is related to SQL injection. It occurs via the `admin.php?mod=product&act=state` API endpoint, specifically through the `product id[]` parameter. **Recommendations** For PHPSHE version 1.7, consider restricting access to the `admin.php?mod=product&act=state` endpoint or avoiding the use of the `product id[]` parameter until a fix is available.

**Name of the Vulnerable Software and Affected Versions** PHPSHE version 1.7 **Description** The issue is related to SQL injection via the `admin.php?mod=order` API endpoint, specifically through the `state` parameter. **Recommendations** For PHPSHE version 1.7, consider restricting access to the `admin.php?mod=order` endpoint until a patch is available, and avoid using the `state` parameter in this endpoint to minimize the risk of exploitation.