Victomteng1997

**Name of the Vulnerable Software and Affected Versions** SEO Panel version 4.9.0 **Description** The issue allows attackers to gain sensitive information through a SQL Injection vulnerability. This vulnerability is located in the `getUserName` function in `api/user.api.php`, specifically in the `username` parameter. **Recommendations** For SEO Panel version 4.9.0, consider disabling the `getUserName` function in `api/user.api.php` or restricting access to the `username` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NavigateCMS versions 2.9.4 and below **Description** The issue concerns a function in the `product.php` file that is vulnerable to sql injection on the parameter `id` through a post request. This vulnerability allows for arbitrary sql query execution in the backend database. **Recommendations** For NavigateCMS versions 2.9.4 and below, as a temporary workaround, consider restricting access to the `product.php` file or disabling the function that handles the `id` parameter until a patch is available. Avoid using the `id` parameter in post requests to the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rukovoditel version 2.8.3 **Description** The issue allows attackers to perform a Cross Site Request Forgery (CSRF) attack, enabling them to create an admin user with arbitrary credentials. **Recommendations** For Rukovoditel version 2.8.3, update to a version that contains a fix for this issue, as using arbitrary credentials can lead to unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.