Kold

**Name of the Vulnerable Software and Affected Versions** CJ Ultra (CJUltra) Plus versions 1.0.3 through 1.0.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `perm` parameter in the out.php file. **Recommendations** For versions 1.0.3 and 1.0.4, consider restricting access to the out.php file until a patch is available. As a temporary workaround, avoid using the `perm` parameter in the out.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: GrayCMS version 1.1 Description: The issue allows remote attackers to execute arbitrary PHP code by modifying the `path prefix` parameter to reference a URL on a remote web server that contains the code. This is a result of a PHP remote file inclusion vulnerability in the error.php file. Recommendations: For GrayCMS version 1.1, consider restricting access to the error.php file or modifying the `path prefix` parameter to prevent referencing remote URLs until a patch is available. As a temporary workaround, avoid using the `path prefix` parameter in the error.php file to minimize the risk of exploitation.