Pwn师傅

**Name of the Vulnerable Software and Affected Versions** jizhi CMS version 1.9.5 **Description** The issue concerns an arbitrary file download vulnerability in the /c/PluginsController.php component. This vulnerability allows attackers to execute arbitrary code via downloading a crafted plugin. **Recommendations** For jizhi CMS version 1.9.5, consider disabling the /c/PluginsController.php component until a patch is available to prevent exploitation. Restrict access to the plugin download feature to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CTF-hacker pwn (affected versions not specified) **Description** A problematic vulnerability has been found in CTF-hacker pwn, affecting an unknown part of the file delete.html. The manipulation leads to cross-site request forgery, which can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.