L1Nk3R

#16934 of 53,633
15.9 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2021-17135
9.8
2021-09-23
Unknown · Frogcms Sentcms · CVE-2021-26794
**Name of the Vulnerable Software and Affected Versions**
FrogCMS SentCMS version 0.9.5

**Description**
The issue allows for privilege escalation in the 'upload.php' file, enabling an attacker to execute arbitrary code by uploading a crafted PHP file.

**Recommendations**
For FrogCMS SentCMS version 0.9.5, consider disabling the 'upload.php' file or restricting its access until a patch is available to prevent arbitrary code execution.

PT-2018-9736
6.1
2018-04-17
Bigtree · Bigtree · CVE-2018-10183
Name of the Vulnerable Software and Affected Versions: BigTree version 4.2.22

Description: The issue is related to cross-site scripting (XSS) in the /core/inc/lib/less.php/test/index.php file. This occurs due to the echo of the $_SERVER['REQUEST_URI'] variable. The vulnerability can be demonstrated by manipulating the dir parameter in a file=charsets action.

Recommendations: For BigTree version 4.2.22, consider restricting access to the vulnerable /core/inc/lib/less.php/test/index.php file until a patch is available. As a temporary workaround, avoid using the dir parameter in the file=charsets action to minimize the risk of exploitation.