
Longhair00

#18208 of 53,632
14.9 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2024-33681
8.8
2024-11-05
SuiteCRM · SuiteCRM · CVE-2024-49772
**Name of the Vulnerable Software and Affected Versions** SuiteCRM version 7.14.4 **Description** The issue is related to poor input validation, allowing an authenticated user to perform a SQL injection attack. This can result in an authenticated user with low privilege being able to leak all data in the database. **Recommendations** For SuiteCRM version 7.14.4, upgrade to version 7.14.6 or 8.7.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database data until the upgrade is applied.
PT-2023-27981
6.1
2023-09-08
Unknown · Cockpit CMS · CVE-2023-41564
**Name of the Vulnerable Software and Affected Versions** Cockpit CMS version 2.6.3 **Description** An arbitrary file upload vulnerability in the Upload Asset function allows attackers to execute arbitrary code via uploading a crafted `.shtml` file. **Recommendations** For Cockpit CMS version 2.6.3, consider disabling the Upload Asset function until a patch is available to prevent exploitation. Restrict access to the Upload Asset function to minimize the risk of arbitrary code execution. Avoid using the Upload Asset function to upload `.shtml` files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.