Menghaining

**Name of the Vulnerable Software and Affected Versions** SurveyKing version 1.3.1 **Description** The issue allows attackers to execute a session replay attack after a user changes their password. **Recommendations** For SurveyKing version 1.3.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SurveyKing version 1.3.1 **Description** The issue allows users' sessions to remain active after logout, which is related to an incomplete fix. **Recommendations** For SurveyKing version 1.3.1, consider implementing a full logout mechanism to invalidate user sessions upon logout as a temporary workaround until a complete fix is available.

**Name of the Vulnerable Software and Affected Versions** SurveyKing version 1.3.1 **Description** The issue allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin. **Recommendations** For SurveyKing version 1.3.1, as a temporary workaround, consider restricting access to session management functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sanluan PublicCMS version 4.0.202302.e **Description** An issue in the software allows an attacker to escalate privileges via the change password function. **Recommendations** For sanluan PublicCMS version 4.0.202302.e, consider disabling the change password function until a patch is available. Restrict access to the change password functionality to minimize the risk of exploitation.