
Mochazz

#13547 of 53,624
19.6 Total CVSS
Vulnerabilities · 2
Critical · 2
PT-2018-14338
9.8
2018-10-09
Duomi · Duomicms · CVE-2018-18083
**Name of the Vulnerable Software and Affected Versions**

DuomiCMS version 3.0

**Description**

An issue in DuomiCMS allows remote PHP code execution via the `searchword` parameter in the "search.php" endpoint. This is possible because the `eval` function is used during "if" processing.

**Recommendations**

For DuomiCMS version 3.0, avoid using the `searchword` parameter in the "search.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "search.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2018-14339
9.8
2018-10-09
Duomi · Duomicms · CVE-2018-18084
**Name of the Vulnerable Software and Affected Versions**

DuomiCMS version 3.0

**Description**

An issue exists in the software, specifically a SQL injection in the `ajax.php` file. This is demonstrated by the `uid` parameter.

**Recommendations**

For DuomiCMS version 3.0, consider restricting access to the `ajax.php` file or avoiding the use of the `uid` parameter until a fix is available.