
Kreon

Researcher from ADZ Security Team
#18105 of 53,622
15 Total CVSS
Vulnerabilities · 2
High
2
PT-2005-2150
7.5
2005-04-13
Serendipity · Serendipity · CVE-2005-1134
**Name of the Vulnerable Software and Affected Versions**
Serendipity versions 0.8 and earlier

**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `url id` or `entry id` parameters in the "exit.php" file.

**Recommendations**
For Serendipity versions 0.8 and earlier, consider restricting access to the "exit.php" file until a patch is available. As a temporary workaround, avoid using the `url id` and `entry id` parameters in the affected file to minimize the risk of exploitation.

PT-2005-1762
7.5
2005-03-08
Wfsections · Wf-Section · CVE-2005-0725
**Name of the Vulnerable Software and Affected Versions**
WF-Sections (wfsections) version 1.07

**Description**
The issue concerns a SQL injection vulnerability in the `getAllbyArticle` function in wfsfiles.php. This allows remote attackers to execute arbitrary SQL commands via the `articleid` parameter to "article.php".

**Recommendations**
For WF-Sections (wfsections) version 1.07, consider restricting access to the vulnerable `getAllbyArticle` function in wfsfiles.php until a patch is available. As a temporary workaround, avoid using the `articleid` parameter in the "article.php" endpoint to minimize the risk of exploitation.