Letmejustdoit

#15668 of 53,635
17.3 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1

PT-2018-15441
7.5
2018-12-28
Damicms · Damicms · CVE-2018-20571

**Name of the Vulnerable Software and Affected Versions**
DamiCMS version 6.0.1

**Description**
The issue allows remote attackers to read arbitrary files by sending a crafted request to the `admin.php?s=Tpl/Add/id` endpoint. For example, an attacker can read the global configuration file by accessing `admin.php?s=Tpl/Add/id/.PublicConfigconfig.ini.php`.

**Recommendations**
For DamiCMS version 6.0.1, restrict access to the `admin.php?s=Tpl/Add/id` endpoint to minimize the risk of exploitation. Avoid using the `id` parameter in the affected endpoint until the issue is resolved.

PT-2018-15442
9.8
2018-12-28
Wuzhi · Wuzhi Cms · CVE-2018-20572

**Name of the Vulnerable Software and Affected Versions**
WUZHI CMS version 4.1.0

**Description**
The issue allows SQL injection via the `keywords` parameter in the `index.php?m=promote&f=index&v=search` endpoint.

**Recommendations**
For WUZHI CMS version 4.1.0, avoid using the `keywords` parameter in the affected endpoint until the issue is resolved.