Nikolai Makaroff

**Name of the Vulnerable Software and Affected Versions** Gibbon versions prior to 30.0.01 **Description** An authenticated SQL Injection exists in the Tracking/graphing feature. Users with Teacher or higher privileges can abuse this functionality to perform unintended read and write activities on the underlying database. The issue is located in the 'graphing.php' file. **Recommendations** Update to version 30.0.01 or later.

**Name of the Vulnerable Software and Affected Versions** LiquidFiles versions prior to 4.1.2 **Description** LiquidFiles is susceptible to a directory traversal issue. This occurs when the pathname of a local executable file is configured as an Actionscript, potentially allowing unauthorized access to system files. **Recommendations** Update LiquidFiles to version 4.1.2 or later.