Pemic

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions up to 1.7.7 **Description** A security issue exists in EyouCMS that allows for server-side request forgery. The `saveRemote` function within the `application/function.php` file is susceptible to manipulation, enabling remote attackers to potentially compromise the server. The exploit has been publicly disclosed. **Recommendations** Update to version 1.7.8 or later.

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions prior to 1.7.8 **Description** A cross site scripting issue exists in EyouCMS. The issue is related to the manipulation of the `content` argument within an unknown function of the file application/home/model/Ask.php, part of the Ask Module. This can be exploited remotely. The exploit is publicly available. **Recommendations** Update to version 1.7.8 or later.

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions up to 1.7.7 **Description** A flaw exists in EyouCMS that allows for remote code execution through deserialization. The issue resides in the `unserialize` function within the `application/api/controller/Ajax.php` file, specifically within the `arcpagelist` Handler component. Manipulation of the `attstr` argument can trigger the deserialization, potentially leading to code execution. The vendor has acknowledged the issue and plans to release version 1.7.8 with a fix. The exploit has been published. **Recommendations** Versions prior to 1.7.8 are affected.

**Name of the Vulnerable Software and Affected Versions** PbootCMS versions prior to 3.2.13 **Description** A weakness exists in PbootCMS up to version 3.2.12. The issue affects an unknown function within the SQLite Database component, specifically the file `/data/pbootcms.db`. Successful manipulation can lead to unauthorized access to files or directories. The attack can be launched remotely and is considered highly complex, but the exploit has been publicly released. **Recommendations** Modify the configuration settings.

**Name of the Vulnerable Software and Affected Versions** PbootCMS versions prior to 3.2.12 **Description** A security issue exists in PbootCMS that allows for remote manipulation of the `X-Forwarded-For` argument. This manipulation impacts the `get user ip` function within the `core/function/handle.php` file, leading to the use of a less trusted source. The vulnerable component is the Header Handler. The exploit has been publicly disclosed. **Recommendations** Update PbootCMS to a version later than 3.2.12. As a temporary workaround, consider restricting or carefully validating the `X-Forwarded-For` header.

**Name of the Vulnerable Software and Affected Versions** FastAdmin versions prior to 1.7.0.20250506 **Description** A flaw exists in FastAdmin up to version 1.7.0.20250506. The issue is located within the `selectpage` function of the `Backend.php` file in the Backend Controller component. Manipulation of the `custom/searchField` argument can result in SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** Update to a version later than 1.7.0.20250506.