Sadfox

**Name of the Vulnerable Software and Affected Versions** ABO.CMS version 5.9.3 **Description** A Cross Site Scripting issue allows an attacker to execute arbitrary code via a crafted payload to the `Referer` header. This enables the attacker to perform unauthorized actions on the affected system. **Recommendations** For ABO.CMS version 5.9.3, consider disabling access to the `Referer` header until a patch is available to prevent exploitation of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ABO.CMS version 5.9.3 **Description** The issue is related to a SQL Injection vulnerability in the Documents module of ABO.CMS, which allows remote attackers to execute arbitrary code via the `d` parameter. This vulnerability is due to the lack of protection measures for the SQL query structure, enabling a remote attacker to exploit it and execute arbitrary code. **Recommendations** For ABO.CMS version 5.9.3, as a temporary workaround, consider disabling the `d` parameter in the Documents module until a patch is available. Restrict access to the Documents module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.