Sjdalu

Name of the Vulnerable Software and Affected Versions: phpshe version 1.8 Description: A critical issue has been identified, affecting the `pe delete` function in the `/admin.php?mod=brand&act=del` endpoint. The manipulation of the `brand id[]` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For phpshe version 1.8, consider disabling the `pe delete` function in the `/admin.php?mod=brand&act=del` endpoint until a patch is available. Restrict access to the `brand id[]` argument to minimize the risk of SQL injection exploitation.

Name of the Vulnerable Software and Affected Versions: phpshe version 1.8 Description: A problem was found in the processing of the file "api.php?mod=cron&act=buyer". The manipulation of the `act` argument leads to cross-site scripting. The attack may be initiated remotely. Recommendations: For phpshe version 1.8, consider restricting access to the "api.php?mod=cron&act=buyer" endpoint until a fix is available. As a temporary workaround, avoid using the `act` argument in this endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: YzmCMS version 7.1 Description: A problematic vulnerability has been found, allowing for cross-site scripting through the manipulation of the `gourl` argument in an unknown function of the file message.tpl. This can be exploited remotely. Recommendations: For YzmCMS version 7.1, as a temporary workaround, consider validating or restricting the use of the `gourl` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Codezips Gym Management System version 1.0 **Description** A critical vulnerability has been found in the Codezips Gym Management System. This issue affects some unknown processing of the file /dashboard/admin/over month.php. The manipulation of the argument `mm` leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the /dashboard/admin/over month.php file until a patch is available. Avoid using the `mm` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.