Naixiao

**Name of the Vulnerable Software and Affected Versions** codehub666 94list (affected versions not specified) **Description** A security flaw exists in codehub666 94list. The issue involves a SQL injection impacting the `Login` function within the `/function.php` file. This allows for remote exploitation. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** icret EasyImages versions up to 2.8.6 **Description** A flaw exists in icret EasyImages, specifically within the SVG Image Handler component, affecting the file `/app/upload.php`. Manipulation of the `File` argument can lead to cross site scripting. This issue is potentially exploitable remotely. **Recommendations** Update to a version later than 2.8.6.

**Name of the Vulnerable Software and Affected Versions** FantasticLBP Hotels Server versions prior to 67b44df162fab26df209bd5d5d542875fcbec1d0 **Description** A security flaw exists in FantasticLBP Hotels Server. The issue involves a SQL injection that can be triggered by manipulating the `subjectId`/`cityName` argument within an unknown function in the file controller/api/hotelList.php. This allows for remote execution of attacks. The exploit has been publicly released. **Recommendations** Versions prior to 67b44df162fab26df209bd5d5d542875fcbec1d0 should be updated. As a temporary workaround, restrict or avoid using the `subjectId`/`cityName` parameters in the `/api/hotelList.php` endpoint.