Practice

Name of the Vulnerable Software and Affected Versions DefaultFuction Content-Management-System version 1.0 Description A security flaw exists in DefaultFuction Content-Management-System version 1.0, involving the processing of the `/admin/tools.php` file. Manipulation of the `host` argument can lead to command injection, allowing for remote execution of attacks. The exploit has been publicly released. Recommendations Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DefaultFuction Jeson-Customer-Relationship-Management-System (affected versions not specified) **Description** A security issue has been identified in the API Module component of DefaultFuction Jeson-Customer-Relationship-Management-System. Manipulation of the `url` argument in an unknown function within the `/api/System.php` file can lead to server-side request forgery (SSRF). The attack can be initiated remotely. The exploit has been publicly disclosed. Continuous delivery with rolling releases is used, therefore specific version details of affected or updated releases are unavailable. **Recommendations** Install a patch to address this issue.

**Name of the Vulnerable Software and Affected Versions** DefaultFuction Jeson Customer Relationship Management System version 1.0.0 **Description** A SQL injection issue exists in DefaultFuction Jeson Customer Relationship Management System version 1.0.0. The issue is located in the `/modules/customers/edit.php` file. Manipulation of the `ID` argument can lead to SQL injection. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** Install the patch f0e991870e9d33701cca3a1d0fd4eec135af01a6 to address this issue.