Tr0Uble-Maker

#17674 of 53,630
15.2 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2022-10913
9.8
2022-12-15
Seacms · Seacms · CVE-2021-39426
**Name of the Vulnerable Software and Affected Versions**
Seacms version 11.4

**Description**
An issue was discovered in the /Upload/admin/admin notify.php file, allowing attackers to execute arbitrary PHP code via the `notify1` parameter when the `action` parameter equals 'set'.

**Recommendations**
For Seacms version 11.4, consider restricting access to the /Upload/admin/admin notify.php file or disabling the `notify1` parameter when the `action` parameter equals 'set' until a patch is available. Avoid using the `notify1` parameter in the affected API endpoint until the issue is resolved.

PT-2022-10914
5.4
2022-12-15
Unknown · 188Jianzhan · CVE-2021-39427
**Name of the Vulnerable Software and Affected Versions**
188Jianzhan version 2.10

**Description**
A cross-site scripting issue allows attackers to execute arbitrary code via the `username` parameter to the "/admin/reg.php" API endpoint.

**Recommendations**
For 188Jianzhan version 2.10, consider disabling the `username` parameter in the "/admin/reg.php" endpoint until a patch is available. Restrict access to the "/admin/reg.php" endpoint to minimize the risk of exploitation.