Tale

Name of the Vulnerable Software and Affected Versions: PowerCreator CMS version 1.0 Description: A critical issue was found in PowerCreator CMS, affecting an unknown function of the file /OpenPublicCourse.aspx. The manipulation of the `cid` argument leads to sql injection. It is possible to launch the attack remotely. Recommendations: For PowerCreator CMS version 1.0, as a temporary workaround, consider restricting access to the /OpenPublicCourse.aspx file until a patch is available. Avoid using the `cid` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** UCMS version 1.6.0 **Description** A problematic issue was found in the file saddpost.php of the component Column Configuration. The manipulation of the `strorder` argument leads to cross-site scripting. It is possible to initiate the attack remotely. **Recommendations** For UCMS version 1.6.0, consider disabling the `strorder` argument in the affected file saddpost.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hsycms version 3.1 **Description** A problematic issue has been found in the file controllercate.php of the component Add Category Module. The manipulation of the `title` argument leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Hsycms version 3.1, as a temporary workaround, consider restricting the use of the `title` argument in the affected module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** UCMS version 1.6 **Description** A critical issue affects the System File Management Module, specifically the file sadmin/fileedit.php, allowing for unrestricted upload due to the manipulation of the `file` argument. This can be initiated remotely. **Recommendations** For UCMS version 1.6, consider restricting access to the sadmin/fileedit.php file and the System File Management Module to minimize the risk of exploitation. Avoid using the `file` argument in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.