Lanyuejian

Rank: #14556 of 53,632
Total CVSS: 18.6
Vulnerabilities · 2
High: 1
Critical: 1

PT-2025-38682
8.8
2025-09-22
Codeastro · Codeastro Simple Pharmacy Management · CVE-2025-10780
**Name of the Vulnerable Software and Affected Versions** CodeAstro Simple Pharmacy Management version 1.0

**Description** A SQL injection issue exists due to the manipulation of the `bar code` argument in the `/view.php` file. Remote exploitation is possible. The exploit has been publicly disclosed.

**Recommendations** As a temporary workaround, consider restricting access to the `/view.php` file until a fix is available. Sanitize the `bar code` argument to prevent SQL injection.

PT-2025-39082
9.8
2025-09-22
Jinher Oa · Jinher Oa · CVE-2025-10816
**Name of the Vulnerable Software and Affected Versions** Jinher OA version 2.0

**Description** A security flaw exists in Jinher OA 2.0 related to the XML Handler component. Manipulation of the file `/c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add` can lead to an XML external entity (XXE) reference. This issue can be exploited remotely. The exploit is publicly available.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.