Ltltlxe

**Name of the Vulnerable Software and Affected Versions** EngineerCMS versions 1.02 through 2.0.5 **Description** The issue is a SQL injection vulnerability in the "/project/addproject" interface. This vulnerability allows for the injection of malicious SQL code, potentially leading to unauthorized access or modification of sensitive data. **Recommendations** For versions 1.02 through 2.0.5, as a temporary workaround, consider restricting access to the "/project/addproject" interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EngineerCMS versions 1.02 through 2.0.5 **Description** The issue is a SQL injection vulnerability located in the "/project/addprojtemplet" API endpoint. This vulnerability can potentially be exploited to extract or modify sensitive data from the database. **Recommendations** For EngineerCMS versions 1.02 through 2.0.5, as a temporary workaround, consider restricting access to the "/project/addprojtemplet" interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.