
Tr0Ee

#16807 of 53,624
16 Total CVSS
Vulnerabilities · 2
High · 2
PT-2022-26317
8.8
2022-10-11
Unknown · Wedding Planner · CVE-2022-42229
**Name of the Vulnerable Software and Affected Versions**
Wedding Planner version 1.0

**Description**
The issue allows for arbitrary code execution via the "package edit.php" endpoint.

**Recommendations**
For version 1.0, update to a version that fixes this issue, if available, or consider disabling access to the "package edit.php" endpoint as a temporary workaround to minimize the risk of exploitation.

PT-2022-26319
7.2
2022-10-11
Unknown · Simple Cold Storage Management System · CVE-2022-42230
**Name of the Vulnerable Software and Affected Versions**
Simple Cold Storage Management System version 1.0

**Description**
The issue allows for SQL Injection via the "/csms/admin/?page=user/manage user&id=" API endpoint, specifically targeting the `id` variable. This could potentially lead to unauthorized access or manipulation of data.

**Recommendations**
For Simple Cold Storage Management System version 1.0, consider disabling the `/csms/admin/?page=user/manage user` endpoint until a patch is available, or restrict access to it to minimize the risk of exploitation. Avoid using the `id` variable in the affected API endpoint until the issue is resolved.