Theresasu1

**Name of the Vulnerable Software and Affected Versions** TDuckCloud version 5.1 **Description** A SQL Injection issue exists in TDuckCloud version 5.1, allowing a remote attacker to execute arbitrary code through the Add a file upload module. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wangxutech MoneyPrinterTurbo version 1.2.6 **Description** The software contains a path traversal flaw. An attacker can exploit this by using crafted '/api/v1/download/' URIs, such as '/api/v1/download//etc/passwd', to access sensitive files. The affected API endpoint is `/api/v1/download/`. The vulnerable parameter is the file path within the request to this endpoint. **Recommendations** Apply any available updates to address this issue. As a temporary workaround, restrict access to the `/api/v1/download/` endpoint.