
Meoconx

#19218 of 53,622
13.9 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1

PT-2007-5153 · CVSS 7.5 · 2007-07-21
Quickestore · Quickestore · CVE-2007-3933

**Name of the Vulnerable Software and Affected Versions** QuickEStore versions 8.2 and earlier

**Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `CFTOKEN` parameter.

**Recommendations** For QuickEStore versions 8.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2006-3027 · CVSS 6.4 · 2006-04-26
Application Dynamics · Cartweaver Coldfusion · CVE-2006-2046

**Name of the Vulnerable Software and Affected Versions** Application Dynamics Cartweaver ColdFusion version 2.16.11 and earlier

**Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `category` and `keywords` parameters in "Results.cfm", and the `ProdID` parameter in "Details.cfm".

**Recommendations** For Application Dynamics Cartweaver ColdFusion version 2.16.11 and earlier, consider restricting access to the vulnerable parameters `category`, `keywords`, and `ProdID` in the affected files "Results.cfm" and "Details.cfm" until a patch is available. Avoid using these parameters in the respective API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.