Neo-O

**Name of the Vulnerable Software and Affected Versions** lmxcms version 1.41 **Description** A problem was found in an unknown function of the file db.inc.php of the Maintenance component, leading to code injection. The attack can be launched remotely and has a rather high complexity. The exploitability is difficult, and the exploit has been disclosed to the public. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For lmxcms version 1.41, as a temporary workaround, consider disabling the unknown function of the db.inc.php file in the Maintenance component until a patch is available. Restrict access to the db.inc.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Bookstore Management System version 1.0 **Description** A critical issue has been found in the 1000 Projects Bookstore Management System, affecting some unknown functionality of the file addtocart.php. The manipulation of the argument `bcid` leads to SQL injection. The attack may be launched remotely. **Recommendations** For 1000 Projects Bookstore Management System version 1.0, consider restricting access to the addtocart.php file until a patch is available. As a temporary workaround, avoid using the `bcid` argument in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: 1000 Projects Bookstore Management System version 1.0 Description: A critical issue has been found in the 1000 Projects Bookstore Management System. This issue affects an unknown part of the file process users del.php. The manipulation of the `id` argument leads to SQL injection. It is possible to initiate the attack remotely. Recommendations: For version 1.0, consider disabling the `process users del.php` file or restricting access to it until a patch is available. Avoid using the `id` argument in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: 1000 Projects Bookstore Management System version 1.0 Description: A vulnerability has been found in the Add Book Page component, specifically in the file process book add.php. The manipulation of the `Book Name` argument leads to cross-site scripting. The attack can be initiated remotely. Other parameters might be affected as well. Recommendations: For 1000 Projects Bookstore Management System version 1.0, consider disabling the `process book add.php` file or restricting access to the Add Book Page component until a patch is available. As a temporary workaround, avoid using the `Book Name` argument in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.