Qiushui

**Name of the Vulnerable Software and Affected Versions** SamuNatsu HaloBot (affected versions not specified) **Description** A flaw exists in the `html renderer` function within the `plugins/html renderer/index.js` file of the Inter-plugin API component. Manipulation of the `action` argument can lead to dynamically-managed code resources, and the attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted but did not respond. This issue only affects unsupported products. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IdeaCMS versions up to 1.8 **Description** A flaw exists in IdeaCMS that allows for SQL injection. This issue is located within the `whereRaw` function of the `app/common/logic/index/Coupon.php` file. Manipulation of the `params` argument can lead to exploitation. The exploit details have been publicly disclosed. **Recommendations** Update IdeaCMS to a version newer than 1.8. As a temporary workaround, consider restricting access to the `Coupon.php` file or disabling the `whereRaw` function until a patch is available.